Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

1.1. http://www.markmonitor.com/cta/bji-special-edition2010/ [Lead_Source_Mktg parameter] next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/bji-special-edition2010/

Issue detail

The value of the Lead_Source_Mktg request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6928"><a%20b%3dc>dc4e85b3084 was submitted in the Lead_Source_Mktg parameter. This input was echoed as e6928"><a b=c>dc4e85b3084 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/bji-special-edition2010/?Lead_Source_Mktg=WEBe6928"><a%20b%3dc>dc4e85b3084 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:56 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31836
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<input type="hidden" name="00N30000001EP2b" value="WEBe6928"><a b=c>dc4e85b3084" />
...[SNIP]...

1.2. http://www.markmonitor.com/cta/bji-special-edition2010/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/bji-special-edition2010/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 30e8f"><a>95a38fbf219 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/bji-special-edition2010/?30e8f"><a>95a38fbf219=1 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:20:23 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31789
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<form method="post" action="/cta/bji-special-edition2010/?30e8f"><a>95a38fbf219=1" id="campaign-form">
...[SNIP]...

1.3. http://www.markmonitor.com/cta/bji-winter2009/ [Lead_Source_Mktg parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/bji-winter2009/

Issue detail

The value of the Lead_Source_Mktg request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b2e1e"><a%20b%3dc>7388b13ef21 was submitted in the Lead_Source_Mktg parameter. This input was echoed as b2e1e"><a b=c>7388b13ef21 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/bji-winter2009/?Lead_Source_Mktg=WEBb2e1e"><a%20b%3dc>7388b13ef21 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:21:49 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 32068
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<input type="hidden" name="00N30000001EP2b" value="WEBb2e1e"><a b=c>7388b13ef21" />
...[SNIP]...

1.4. http://www.markmonitor.com/cta/bji-winter2009/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/bji-winter2009/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3e211"><a>dffa40fe4f6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/bji-winter2009/?3e211"><a>dffa40fe4f6=1 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:22:13 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 32021
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<form method="post" action="/cta/bji-winter2009/?3e211"><a>dffa40fe4f6=1" id="campaign-form">
...[SNIP]...

1.5. http://www.markmonitor.com/cta/cs-AAA/ [Lead_Source_Mktg parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/cs-AAA/

Issue detail

The value of the Lead_Source_Mktg request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 82d94"><a%20b%3dc>813b15a82bd was submitted in the Lead_Source_Mktg parameter. This input was echoed as 82d94"><a b=c>813b15a82bd in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/cs-AAA/?Lead_Source_Mktg=WEB82d94"><a%20b%3dc>813b15a82bd HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:20:29 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 32040
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<input type="hidden" name="00N30000001EP2b" value="WEB82d94"><a b=c>813b15a82bd" />
...[SNIP]...

1.6. http://www.markmonitor.com/cta/cs-AAA/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/cs-AAA/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cde31"><a>cda5b00d17a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/cs-AAA/?cde31"><a>cda5b00d17a=1 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:21:22 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31993
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<form method="post" action="/cta/cs-AAA/?cde31"><a>cda5b00d17a=1" id="campaign-form">
...[SNIP]...

1.7. http://www.markmonitor.com/cta/cs-Deckers/ [Lead_Source_Mktg parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/cs-Deckers/

Issue detail

The value of the Lead_Source_Mktg request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 55d7b"><a%20b%3dc>abdce035343 was submitted in the Lead_Source_Mktg parameter. This input was echoed as 55d7b"><a b=c>abdce035343 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cta/cs-Deckers/?Lead_Source_Mktg=web-Brand-Protection55d7b"><a%20b%3dc>abdce035343 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:22:25 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 32215
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<input type="hidden" name="00N30000001EP2b" value="web-Brand-Protection55d7b"><a b=c>abdce035343" />
...[SNIP]...

1.8. http://www.markmonitor.com/cta/cs-Deckers/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/cs-Deckers/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a755"><a>ba631dafa51 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cta/cs-Deckers/?5a755"><a>ba631dafa51=1 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:24:17 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 32134
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<form method="post" action="/cta/cs-deckers/?5a755"><a>ba631dafa51=1" id="campaign-form">
...[SNIP]...

1.9. http://www.markmonitor.com/cta/cs-wwe/ [Lead_Source_Mktg parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/cs-wwe/

Issue detail

The value of the Lead_Source_Mktg request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7383d"><a%20b%3dc>560e693c813 was submitted in the Lead_Source_Mktg parameter. This input was echoed as 7383d"><a b=c>560e693c813 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/cs-wwe/?Lead_Source_Mktg=HP7383d"><a%20b%3dc>560e693c813 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:40 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31627
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<input type="hidden" name="00N30000001EP2b" value="HP7383d"><a b=c>560e693c813" />
...[SNIP]...

1.10. http://www.markmonitor.com/cta/cs-wwe/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/cs-wwe/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload afe9c"><a>e97ee1fe3ea was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/cs-wwe/?afe9c"><a>e97ee1fe3ea=1 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:20:19 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31582
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<form method="post" action="/cta/cs-wwe/?afe9c"><a>e97ee1fe3ea=1" id="campaign-form">
...[SNIP]...

1.11. http://www.markmonitor.com/cta/request-dtec/index.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/request-dtec/index.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4245e"><a>1529bb9cbcc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/request-dtec/index.php?4245e"><a>1529bb9cbcc=1 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:22:20 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31383
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<form method="post" action="/cta/request-dtec/index.php?4245e"><a>1529bb9cbcc=1" id="campaign-form">
...[SNIP]...

1.12. http://www.markmonitor.com/cta/request/ [Lead_Source_Mktg parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/request/

Issue detail

The value of the Lead_Source_Mktg request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9fe60"><a%20b%3dc>6f3f217f4bc was submitted in the Lead_Source_Mktg parameter. This input was echoed as 9fe60"><a b=c>6f3f217f4bc in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/request/?Lead_Source_Mktg=gTLD9fe60"><a%20b%3dc>6f3f217f4bc HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:42 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31410
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<input type="hidden" name="00N30000001EP2b" value="gTLD9fe60"><a b=c>6f3f217f4bc" />
...[SNIP]...

1.13. http://www.markmonitor.com/cta/request/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/request/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6f6c9"><a>2f35aa25784 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/request/?6f6c9"><a>2f35aa25784=1 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:20:13 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31361
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<form method="post" action="/cta/request/?6f6c9"><a>2f35aa25784=1" id="campaign-form">
...[SNIP]...

1.14. http://www.markmonitor.com/cta/request/index.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/request/index.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac72d"><a>9308c7d4bc5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/request/index.php?ac72d"><a>9308c7d4bc5=1 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/products/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:20:20 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31370
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<form method="post" action="/cta/request/index.php?ac72d"><a>9308c7d4bc5=1" id="campaign-form">
...[SNIP]...

1.15. http://www.markmonitor.com/cta/wp-6steps/ [Lead_Source_Mktg parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/wp-6steps/

Issue detail

The value of the Lead_Source_Mktg request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d04ba"><a%20b%3dc>198d743dcf8 was submitted in the Lead_Source_Mktg parameter. This input was echoed as d04ba"><a b=c>198d743dcf8 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/wp-6steps/?Lead_Source_Mktg=WEBd04ba"><a%20b%3dc>198d743dcf8 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/products/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:41 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 32031
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<input type="hidden" name="00N30000001EP2b" value="WEBd04ba"><a b=c>198d743dcf8" />
...[SNIP]...

1.16. http://www.markmonitor.com/cta/wp-6steps/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/wp-6steps/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 98530"><a>6b15b4cca70 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/wp-6steps/?98530"><a>6b15b4cca70=1 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:20:18 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31984
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<form method="post" action="/cta/wp-6steps/?98530"><a>6b15b4cca70=1" id="campaign-form">
...[SNIP]...

1.17. http://www.markmonitor.com/cta/wp-counterfeit/ [Lead_Source_Mktg parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/wp-counterfeit/

Issue detail

The value of the Lead_Source_Mktg request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 12cea"><a%20b%3dc>27c6d826f72 was submitted in the Lead_Source_Mktg parameter. This input was echoed as 12cea"><a b=c>27c6d826f72 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/wp-counterfeit/?Lead_Source_Mktg=HP12cea"><a%20b%3dc>27c6d826f72 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:43 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31729
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<input type="hidden" name="00N30000001EP2b" value="HP12cea"><a b=c>27c6d826f72" />
...[SNIP]...

1.18. http://www.markmonitor.com/cta/wp-counterfeit/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/wp-counterfeit/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bba4c"><a>c4b419881bd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/wp-counterfeit/?bba4c"><a>c4b419881bd=1 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:20:16 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31684
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<form method="post" action="/cta/wp-counterfeit/?bba4c"><a>c4b419881bd=1" id="campaign-form">
...[SNIP]...

1.19. http://www.markmonitor.com/cta/wp-paidsearch/ [Lead_Source_Mktg parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/wp-paidsearch/

Issue detail

The value of the Lead_Source_Mktg request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ffd97"><a%20b%3dc>8976b54853c was submitted in the Lead_Source_Mktg parameter. This input was echoed as ffd97"><a b=c>8976b54853c in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/wp-paidsearch/?Lead_Source_Mktg=web-Brand-Protectionffd97"><a%20b%3dc>8976b54853c HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:22:01 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31748
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<input type="hidden" name="00N30000001EP2b" value="web-Brand-Protectionffd97"><a b=c>8976b54853c" />
...[SNIP]...

1.20. http://www.markmonitor.com/cta/wp-paidsearch/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/wp-paidsearch/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99e7b"><a>9f6257ea54c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/wp-paidsearch/?99e7b"><a>9f6257ea54c=1 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:23:43 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31667
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<form method="post" action="/cta/wp-paidsearch/?99e7b"><a>9f6257ea54c=1" id="campaign-form">
...[SNIP]...

1.21. http://www.markmonitor.com/cta/wp-protectingbrand/ [Lead_Source_Mktg parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/wp-protectingbrand/

Issue detail

The value of the Lead_Source_Mktg request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6067"><a%20b%3dc>a6ae0c2d532 was submitted in the Lead_Source_Mktg parameter. This input was echoed as f6067"><a b=c>a6ae0c2d532 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/wp-protectingbrand/?Lead_Source_Mktg=WEBf6067"><a%20b%3dc>a6ae0c2d532 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:20:03 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 32340
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<input type="hidden" name="00N30000001EP2b" value="WEBf6067"><a b=c>a6ae0c2d532" />
...[SNIP]...

1.22. http://www.markmonitor.com/cta/wp-protectingbrand/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/cta/wp-protectingbrand/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 31d47"><a>2a9f6e35bdd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cta/wp-protectingbrand/?31d47"><a>2a9f6e35bdd=1 HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:20:37 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 32293
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
<form method="post" action="/cta/wp-protectingbrand/?31d47"><a>2a9f6e35bdd=1" id="campaign-form">
...[SNIP]...

2. Cross-domain Referer leakage previous next
There are 9 instances of this issue:

/cta/bji-special-edition2010/
/cta/bji-winter2009/
/cta/cs-AAA/
/cta/cs-wwe/
/cta/request/
/cta/wp-6steps/
/cta/wp-counterfeit/
/cta/wp-paidsearch/
/cta/wp-protectingbrand/

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

2.1. http://www.markmonitor.com/cta/bji-special-edition2010/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/bji-special-edition2010/

Issue detail

The page was loaded from a URL containing a query string:

http://www.markmonitor.com/cta/bji-special-edition2010/?Lead_Source_Mktg=WEB

The response contains the following links to other domains:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS
http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/bji-special-edition2010/?Lead_Source_Mktg=WEB HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:43 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31782
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

           <script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>

   <noscript>
       <iframe src="http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS" height="300" width="500" frameborder="0"></iframe>
...[SNIP]...

2.2. http://www.markmonitor.com/cta/bji-winter2009/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/bji-winter2009/

Issue detail

The page was loaded from a URL containing a query string:

http://www.markmonitor.com/cta/bji-winter2009/?Lead_Source_Mktg=WEB

The response contains the following links to other domains:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS
http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/bji-winter2009/?Lead_Source_Mktg=WEB HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:21:16 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 32014
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

           <script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>

   <noscript>
       <iframe src="http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS" height="300" width="500" frameborder="0"></iframe>
...[SNIP]...

2.3. http://www.markmonitor.com/cta/cs-AAA/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/cs-AAA/

Issue detail

The page was loaded from a URL containing a query string:

http://www.markmonitor.com/cta/cs-AAA/?Lead_Source_Mktg=WEB

The response contains the following links to other domains:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS
http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/cs-AAA/?Lead_Source_Mktg=WEB HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:20:17 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31986
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

           <script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>

   <noscript>
       <iframe src="http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS" height="300" width="500" frameborder="0"></iframe>
...[SNIP]...

2.4. http://www.markmonitor.com/cta/cs-wwe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/cs-wwe/

Issue detail

The page was loaded from a URL containing a query string:

http://www.markmonitor.com/cta/cs-wwe/?Lead_Source_Mktg=HP

The response contains the following links to other domains:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS
http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/cs-wwe/?Lead_Source_Mktg=HP HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:20 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31573
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

           <script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>

   <noscript>
       <iframe src="http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS" height="300" width="500" frameborder="0"></iframe>
...[SNIP]...

2.5. http://www.markmonitor.com/cta/request/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/request/

Issue detail

The page was loaded from a URL containing a query string:

http://www.markmonitor.com/cta/request/?Lead_Source_Mktg=gTLD

The response contains the following links to other domains:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS
http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/request/?Lead_Source_Mktg=gTLD HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:26 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31356
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</div>

           <script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>

   <noscript>
       <iframe src="http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS" height="300" width="500" frameborder="0"></iframe>
...[SNIP]...

2.6. http://www.markmonitor.com/cta/wp-6steps/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/wp-6steps/

Issue detail

The page was loaded from a URL containing a query string:

http://www.markmonitor.com/cta/wp-6steps/?Lead_Source_Mktg=WEB

The response contains the following links to other domains:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS
http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/wp-6steps/?Lead_Source_Mktg=WEB HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/products/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:26 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31977
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

           <script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>

   <noscript>
       <iframe src="http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS" height="300" width="500" frameborder="0"></iframe>
...[SNIP]...

2.7. http://www.markmonitor.com/cta/wp-counterfeit/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/wp-counterfeit/

Issue detail

The page was loaded from a URL containing a query string:

http://www.markmonitor.com/cta/wp-counterfeit/?Lead_Source_Mktg=HP

The response contains the following links to other domains:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS
http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/wp-counterfeit/?Lead_Source_Mktg=HP HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:25 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31675
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

           <script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>

   <noscript>
       <iframe src="http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS" height="300" width="500" frameborder="0"></iframe>
...[SNIP]...

2.8. http://www.markmonitor.com/cta/wp-paidsearch/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/wp-paidsearch/

Issue detail

The page was loaded from a URL containing a query string:

http://www.markmonitor.com/cta/wp-paidsearch/?Lead_Source_Mktg=web-Brand-Protection

The response contains the following links to other domains:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS
http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/wp-paidsearch/?Lead_Source_Mktg=web-Brand-Protection HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:21:19 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31694
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

           <script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>

   <noscript>
       <iframe src="http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS" height="300" width="500" frameborder="0"></iframe>
...[SNIP]...

2.9. http://www.markmonitor.com/cta/wp-protectingbrand/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/wp-protectingbrand/

Issue detail

The page was loaded from a URL containing a query string:

http://www.markmonitor.com/cta/wp-protectingbrand/?Lead_Source_Mktg=WEB

The response contains the following links to other domains:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS
http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/wp-protectingbrand/?Lead_Source_Mktg=WEB HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:51 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 32286
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

           <script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>

   <noscript>
       <iframe src="http://api.recaptcha.net/noscript?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS" height="300" width="500" frameborder="0"></iframe>
...[SNIP]...

3. Cross-domain script include previous next
There are 114 instances of this issue:

/
/company/
/company/alliances.php
/company/board.php
/company/careers.php
/company/events.php
/company/index.php
/company/industry-associations.php
/company/management.php
/company/news.php
/company/overview.php
/company/press.php
/contact/
/contact/index.php
/cta/bji-special-edition2010/
/cta/bji-winter2009/
/cta/cs-AAA/
/cta/cs-wwe/
/cta/request-dtec/
/cta/request-dtec/index.php
/cta/request/
/cta/request/index.php
/cta/wp-6steps/
/cta/wp-counterfeit/
/cta/wp-paidsearch/
/cta/wp-protectingbrand/
/customers/
/customers/customer-case-studies.php
/customers/customer-news.php
/customers/customer-quotes.php
/customers/customer-videos.php
/customers/index.php
/customers/our-customers.php
/de/
/de/index.php
/es/
/es/index.php
/fr/
/fr/index.php
/index.php
/jobpostings/b-Client_Services_Manager.php
/jobpostings/b-Domain_Operations_Coordinator.php
/jobpostings/b-brand_protection_analyst.php
/jobpostings/b-software_engineer.php
/jobpostings/emea-client_services_manager.php
/jobpostings/m-Administrative_Assistant.php
/jobpostings/m-Fraud_Analyst.php
/jobpostings/sf-Computer_Software_Engineer.php
/jobpostings/sf-Principal_Database_Engineer.php
/jobpostings/sf-Search-Engineer.php
/legal/
/legal/index.php
/legal/legal.php
/legal/privacy.php
/legal/tc-blog.php
/legal/tc-bp.php
/legal/tc-dm.php
/mmblog/
/mmblog/affiliate-buying-of-keywords-in-paid-search/
/mmblog/ccidns-so-many-choices-so-little-time/
/mmblog/counterfeit-merchandise-beyond-luxury-knockoffs/
/mmblog/google-cracks-down-on-illegal-online-pharmacies/
/mmblog/icann-board-retreat-results-in-specific-new-gtld-directives/
/mmblog/icann-publishes-new-gtld-timeline/
/mmblog/markmonitor-customer-response-to-new-tlds/
/mmblog/pharmaceutical-brandjacking-controlled-buy/
/mmblog/q2-and-q3-2010-fraud-intelligence-reports/
/mmblog/so-what/
/mmblog/understand-the-value-of-defensive-domain-registrations/
/mmblog/understanding-hot-triggers-from-a-scammers-perspective/
/mmblog/upcoming-webinar-new-gtlds-perspectives-from-icann/
/pressreleases/2010/pr101018.php
/products/
/products/anti-piracy-capabilites.php
/products/antifraud-solutions.php
/products/brand-protection.php
/products/domain-management.php
/products/index.php
/products/managed-services.php
/resources/
/resources/article-reprints.php
/resources/brand-abuse-terms.php
/resources/brandjacking-index.php
/resources/case-studies.php
/resources/data-sheets.php
/resources/domain-name-terms.php
/resources/index.php
/resources/newsletters.php
/resources/podcasts.php
/resources/webinars.php
/resources/white-papers.php
/searchresults/
/searchresults/index.php
/services/
/services/TLD-advisory-services.php
/services/domain-advisory-services.php
/services/index.php
/services/managed-services.php
/sitemap/
/sitemap/index.php
/solutions/
/solutions/brand-protection-platform.php
/solutions/index.php
/solutions/industry-solutions-automotive-and-industrial.php
/solutions/industry-solutions-consumer-goods.php
/solutions/industry-solutions-entertainment.php
/solutions/industry-solutions-financial-sevices.php
/solutions/industry-solutions-hardware-and-software.php
/solutions/industry-solutions-online-services.php
/solutions/industry-solutions-pharmaceuticals.php
/solutions/industry-solutions-retail.php
/solutions/industry-solutions-travel-and-hospitality.php
/solutions/industry-solutions.php
/solutions/trusted-brand-broadcast-system.php

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

3.1. http://www.markmonitor.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET / HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.markmonitor.com

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:05:29 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 16815
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equi
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.2. http://www.markmonitor.com/company/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/company/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /company/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:13:18 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 20927
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.3. http://www.markmonitor.com/company/alliances.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/company/alliances.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /company/alliances.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:18:54 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 20414
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.4. http://www.markmonitor.com/company/board.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/company/board.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /company/board.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:18:49 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 24336
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.5. http://www.markmonitor.com/company/careers.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/company/careers.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /company/careers.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:18:40 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 18864
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.6. http://www.markmonitor.com/company/events.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/company/events.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /company/events.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:07 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 19807
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.7. http://www.markmonitor.com/company/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/company/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /company/index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:18:40 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 20927
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.8. http://www.markmonitor.com/company/industry-associations.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/company/industry-associations.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /company/industry-associations.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:01 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 21879
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.9. http://www.markmonitor.com/company/management.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/company/management.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /company/management.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:18:40 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 27568
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.10. http://www.markmonitor.com/company/news.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/company/news.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /company/news.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:02 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 29100
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.11. http://www.markmonitor.com/company/overview.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/company/overview.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /company/overview.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:18:41 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 21600
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.12. http://www.markmonitor.com/company/press.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/company/press.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /company/press.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:02 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 22774
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.13. http://www.markmonitor.com/contact/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/contact/

Issue detail

The response dynamically includes the following scripts from other domains:

http://maps.google.com/maps?file=api&v=2&key=ABQIAAAAtcnId4DFHP0cTRp1Hm05MhRIEhdxTvhZrAJ5JCDzQIa0i8GIARS_teDj0cyVw9C51kXf99pudtkufA
http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /contact/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

3.14. http://www.markmonitor.com/contact/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/contact/index.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://maps.google.com/maps?file=api&v=2&key=ABQIAAAAtcnId4DFHP0cTRp1Hm05MhRIEhdxTvhZrAJ5JCDzQIa0i8GIARS_teDj0cyVw9C51kXf99pudtkufA
http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /contact/index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

3.15. http://www.markmonitor.com/cta/bji-special-edition2010/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/bji-special-edition2010/

Issue detail

The response dynamically includes the following script from another domain:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/bji-special-edition2010/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:29 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31765
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>
...[SNIP]...

3.16. http://www.markmonitor.com/cta/bji-winter2009/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/bji-winter2009/

Issue detail

The response dynamically includes the following script from another domain:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/bji-winter2009/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:20:20 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31997
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>
...[SNIP]...

3.17. http://www.markmonitor.com/cta/cs-AAA/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/cs-AAA/

Issue detail

The response dynamically includes the following script from another domain:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/cs-AAA/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:20:05 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31969
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>
...[SNIP]...

3.18. http://www.markmonitor.com/cta/cs-wwe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/cs-wwe/

Issue detail

The response dynamically includes the following script from another domain:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:20 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31573
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>
...[SNIP]...

3.19. http://www.markmonitor.com/cta/request-dtec/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/request-dtec/

Issue detail

The response dynamically includes the following script from another domain:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/request-dtec/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:14:39 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31350
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</div>

<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>
...[SNIP]...

3.20. http://www.markmonitor.com/cta/request-dtec/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/request-dtec/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/request-dtec/index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:20:20 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31359
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</div>

<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>
...[SNIP]...

3.21. http://www.markmonitor.com/cta/request/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/request/

Issue detail

The response dynamically includes the following script from another domain:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/request/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:24 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31337
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</div>

<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>
...[SNIP]...

3.22. http://www.markmonitor.com/cta/request/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/request/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/request/index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/products/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:26 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31346
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</div>

<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>
...[SNIP]...

3.23. http://www.markmonitor.com/cta/wp-6steps/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/wp-6steps/

Issue detail

The response dynamically includes the following script from another domain:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/wp-6steps/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:25 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31960
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>
...[SNIP]...

3.24. http://www.markmonitor.com/cta/wp-counterfeit/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/wp-counterfeit/

Issue detail

The response dynamically includes the following script from another domain:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/wp-counterfeit/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:25 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31660
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>
...[SNIP]...

3.25. http://www.markmonitor.com/cta/wp-paidsearch/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/wp-paidsearch/

Issue detail

The response dynamically includes the following script from another domain:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/wp-paidsearch/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:21:17 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31643
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>
...[SNIP]...

3.26. http://www.markmonitor.com/cta/wp-protectingbrand/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/cta/wp-protectingbrand/

Issue detail

The response dynamically includes the following script from another domain:

http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS

Request

GET /cta/wp-protectingbrand/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:46 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 32269
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
</div>

<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6LdtyroSAAAAALD2ntnguA5njOO_76rWdte3nHgS"></script>
...[SNIP]...

3.27. http://www.markmonitor.com/customers/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/customers/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /customers/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:13:18 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 18415
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.28. http://www.markmonitor.com/customers/customer-case-studies.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/customers/customer-case-studies.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /customers/customer-case-studies.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:17 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 18719
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.29. http://www.markmonitor.com/customers/customer-news.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/customers/customer-news.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /customers/customer-news.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/customers/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:17 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 18962
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.30. http://www.markmonitor.com/customers/customer-quotes.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/customers/customer-quotes.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /customers/customer-quotes.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:17 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 21721
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.31. http://www.markmonitor.com/customers/customer-videos.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/customers/customer-videos.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /customers/customer-videos.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:13 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 21645
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.32. http://www.markmonitor.com/customers/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/customers/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /customers/index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:13 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 18415
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.33. http://www.markmonitor.com/customers/our-customers.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/customers/our-customers.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /customers/our-customers.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:14 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 31813
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.34. http://www.markmonitor.com/de/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/de/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /de/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:58 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 17956
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equi
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.35. http://www.markmonitor.com/de/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/de/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /de/index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/subscription/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

3.36. http://www.markmonitor.com/es/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/es/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /es/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:13:00 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 18080
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equi
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.37. http://www.markmonitor.com/es/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/es/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /es/index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/subscription/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

3.38. http://www.markmonitor.com/fr/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/fr/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /fr/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:13:00 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 18300
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equi
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.39. http://www.markmonitor.com/fr/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/fr/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /fr/index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/subscription/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

3.40. http://www.markmonitor.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 16815
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equi
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.41. http://www.markmonitor.com/jobpostings/b-Client_Services_Manager.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/b-Client_Services_Manager.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /jobpostings/b-Client_Services_Manager.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 16757
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.42. http://www.markmonitor.com/jobpostings/b-Domain_Operations_Coordinator.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/b-Domain_Operations_Coordinator.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /jobpostings/b-Domain_Operations_Coordinator.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 16641
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.43. http://www.markmonitor.com/jobpostings/b-brand_protection_analyst.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/b-brand_protection_analyst.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /jobpostings/b-brand_protection_analyst.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 16297
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.44. http://www.markmonitor.com/jobpostings/b-software_engineer.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/b-software_engineer.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /jobpostings/b-software_engineer.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

3.45. http://www.markmonitor.com/jobpostings/emea-client_services_manager.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/emea-client_services_manager.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /jobpostings/emea-client_services_manager.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 16497
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.46. http://www.markmonitor.com/jobpostings/m-Administrative_Assistant.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/m-Administrative_Assistant.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /jobpostings/m-Administrative_Assistant.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 16747
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.47. http://www.markmonitor.com/jobpostings/m-Fraud_Analyst.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/m-Fraud_Analyst.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /jobpostings/m-Fraud_Analyst.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 15412
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.48. http://www.markmonitor.com/jobpostings/sf-Computer_Software_Engineer.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/sf-Computer_Software_Engineer.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /jobpostings/sf-Computer_Software_Engineer.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 14940
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.49. http://www.markmonitor.com/jobpostings/sf-Principal_Database_Engineer.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/sf-Principal_Database_Engineer.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /jobpostings/sf-Principal_Database_Engineer.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 15228
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.50. http://www.markmonitor.com/jobpostings/sf-Search-Engineer.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/sf-Search-Engineer.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /jobpostings/sf-Search-Engineer.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/company/careers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 15470
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.51. http://www.markmonitor.com/legal/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/legal/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /legal/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:13:18 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 22751
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.52. http://www.markmonitor.com/legal/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/legal/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /legal/index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:34 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 22751
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.53. http://www.markmonitor.com/legal/legal.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/legal/legal.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /legal/legal.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/subscription/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:13:00 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 28680
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.54. http://www.markmonitor.com/legal/privacy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/legal/privacy.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /legal/privacy.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:34 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 15555
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.55. http://www.markmonitor.com/legal/tc-blog.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/legal/tc-blog.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /legal/tc-blog.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/legal/privacy.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:47 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 16764
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.56. http://www.markmonitor.com/legal/tc-bp.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/legal/tc-bp.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /legal/tc-bp.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/legal/privacy.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:42 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 22935
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.57. http://www.markmonitor.com/legal/tc-dm.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/legal/tc-dm.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /legal/tc-dm.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/legal/privacy.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:41 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 300533
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.58. http://www.markmonitor.com/mmblog/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/mmblog/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/152/addthis_widget.js

Request

GET /mmblog/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:22:46 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.markmonitor.com/mmblog/xmlrpc.php
Content-Length: 74705
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

3.59. http://www.markmonitor.com/mmblog/affiliate-buying-of-keywords-in-paid-search/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/mmblog/affiliate-buying-of-keywords-in-paid-search/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/152/addthis_widget.js

Request

GET /mmblog/affiliate-buying-of-keywords-in-paid-search/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:34:55 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.markmonitor.com/mmblog/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25528

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

3.60. http://www.markmonitor.com/mmblog/ccidns-so-many-choices-so-little-time/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/mmblog/ccidns-so-many-choices-so-little-time/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/152/addthis_widget.js

Request

GET /mmblog/ccidns-so-many-choices-so-little-time/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:24:45 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.markmonitor.com/mmblog/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 21297

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

3.61. http://www.markmonitor.com/mmblog/counterfeit-merchandise-beyond-luxury-knockoffs/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/mmblog/counterfeit-merchandise-beyond-luxury-knockoffs/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/152/addthis_widget.js

Request

GET /mmblog/counterfeit-merchandise-beyond-luxury-knockoffs/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:24:52 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.markmonitor.com/mmblog/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20658

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

3.62. http://www.markmonitor.com/mmblog/google-cracks-down-on-illegal-online-pharmacies/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/mmblog/google-cracks-down-on-illegal-online-pharmacies/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/152/addthis_widget.js

Request

GET /mmblog/google-cracks-down-on-illegal-online-pharmacies/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:40:22 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.markmonitor.com/mmblog/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 21530

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

3.63. http://www.markmonitor.com/mmblog/icann-board-retreat-results-in-specific-new-gtld-directives/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/mmblog/icann-board-retreat-results-in-specific-new-gtld-directives/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/152/addthis_widget.js

Request

GET /mmblog/icann-board-retreat-results-in-specific-new-gtld-directives/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:40:28 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.markmonitor.com/mmblog/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 21616

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

3.64. http://www.markmonitor.com/mmblog/icann-publishes-new-gtld-timeline/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/mmblog/icann-publishes-new-gtld-timeline/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/152/addthis_widget.js

Request

GET /mmblog/icann-publishes-new-gtld-timeline/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/mmblog/understand-the-value-of-defensive-domain-registrations/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:14:07 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.markmonitor.com/mmblog/xmlrpc.php
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

3.65. http://www.markmonitor.com/mmblog/markmonitor-customer-response-to-new-tlds/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/mmblog/markmonitor-customer-response-to-new-tlds/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/152/addthis_widget.js

Request

GET /mmblog/markmonitor-customer-response-to-new-tlds/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:25:14 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.markmonitor.com/mmblog/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24203

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

3.66. http://www.markmonitor.com/mmblog/pharmaceutical-brandjacking-controlled-buy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/mmblog/pharmaceutical-brandjacking-controlled-buy/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/152/addthis_widget.js

Request

GET /mmblog/pharmaceutical-brandjacking-controlled-buy/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:25:15 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.markmonitor.com/mmblog/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28149

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

3.67. http://www.markmonitor.com/mmblog/q2-and-q3-2010-fraud-intelligence-reports/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/mmblog/q2-and-q3-2010-fraud-intelligence-reports/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/152/addthis_widget.js

Request

GET /mmblog/q2-and-q3-2010-fraud-intelligence-reports/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:34:52 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.markmonitor.com/mmblog/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 21854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

3.68. http://www.markmonitor.com/mmblog/so-what/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/mmblog/so-what/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/152/addthis_widget.js

Request

GET /mmblog/so-what/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:44:36 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.markmonitor.com/mmblog/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20203

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

3.69. http://www.markmonitor.com/mmblog/understand-the-value-of-defensive-domain-registrations/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/mmblog/understand-the-value-of-defensive-domain-registrations/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/152/addthis_widget.js

Request

GET /mmblog/understand-the-value-of-defensive-domain-registrations/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:22:27 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.markmonitor.com/mmblog/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20825

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

3.70. http://www.markmonitor.com/mmblog/understanding-hot-triggers-from-a-scammers-perspective/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/mmblog/understanding-hot-triggers-from-a-scammers-perspective/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/152/addthis_widget.js

Request

GET /mmblog/understanding-hot-triggers-from-a-scammers-perspective/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/products/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:22:57 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.markmonitor.com/mmblog/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22157

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

3.71. http://www.markmonitor.com/mmblog/upcoming-webinar-new-gtlds-perspectives-from-icann/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/mmblog/upcoming-webinar-new-gtlds-perspectives-from-icann/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/152/addthis_widget.js

Request

GET /mmblog/upcoming-webinar-new-gtlds-perspectives-from-icann/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:31:58 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.markmonitor.com/mmblog/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 21060

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

3.72. http://www.markmonitor.com/pressreleases/2010/pr101018.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/pressreleases/2010/pr101018.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /pressreleases/2010/pr101018.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:21:41 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 17593
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.73. http://www.markmonitor.com/products/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/products/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /products/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:13:18 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 19940
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.74. http://www.markmonitor.com/products/anti-piracy-capabilites.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/products/anti-piracy-capabilites.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /products/anti-piracy-capabilites.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:23 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 22316
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.75. http://www.markmonitor.com/products/antifraud-solutions.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/products/antifraud-solutions.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /products/antifraud-solutions.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/products/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 25228
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.76. http://www.markmonitor.com/products/brand-protection.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/products/brand-protection.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /products/brand-protection.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/products/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 24823
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.77. http://www.markmonitor.com/products/domain-management.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/products/domain-management.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /products/domain-management.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/products/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:23 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 21618
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.78. http://www.markmonitor.com/products/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/products/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /products/index.php HTTP/1.1
Accept: */*
Referer: http://www.markmonitor.com/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.markmonitor.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:10:34 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 19940
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.79. http://www.markmonitor.com/products/managed-services.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/products/managed-services.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /products/managed-services.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/products/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 23437
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.80. http://www.markmonitor.com/resources/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/resources/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /resources/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:13:18 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 20504
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.81. http://www.markmonitor.com/resources/article-reprints.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/resources/article-reprints.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /resources/article-reprints.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:17:42 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 22660
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.82. http://www.markmonitor.com/resources/brand-abuse-terms.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/resources/brand-abuse-terms.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /resources/brand-abuse-terms.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:17:27 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 28217
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.83. http://www.markmonitor.com/resources/brandjacking-index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/resources/brandjacking-index.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /resources/brandjacking-index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:17:32 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 22152
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.84. http://www.markmonitor.com/resources/case-studies.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/resources/case-studies.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /resources/case-studies.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:17:33 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 19630
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.85. http://www.markmonitor.com/resources/data-sheets.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/resources/data-sheets.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /resources/data-sheets.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:17:33 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 19927
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.86. http://www.markmonitor.com/resources/domain-name-terms.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/resources/domain-name-terms.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /resources/domain-name-terms.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:17:52 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 39616
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.87. http://www.markmonitor.com/resources/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/resources/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /resources/index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:17:12 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 20504
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.88. http://www.markmonitor.com/resources/newsletters.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/resources/newsletters.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /resources/newsletters.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:17:46 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 19763
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.89. http://www.markmonitor.com/resources/podcasts.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/resources/podcasts.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /resources/podcasts.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:17:39 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 21356
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.90. http://www.markmonitor.com/resources/webinars.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/resources/webinars.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /resources/webinars.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:17:35 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 25844
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.91. http://www.markmonitor.com/resources/white-papers.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/resources/white-papers.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /resources/white-papers.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:17:19 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 19777
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.92. http://www.markmonitor.com/searchresults/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/searchresults/

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.google.com/afsonline/show_afs_search.js
http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /searchresults/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:13:18 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 8213
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/afsonline/show_afs_search.js"></script>
...[SNIP]...

3.93. http://www.markmonitor.com/searchresults/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/searchresults/index.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.google.com/afsonline/show_afs_search.js
http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /searchresults/index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:34 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 8213
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/afsonline/show_afs_search.js"></script>
...[SNIP]...

3.94. http://www.markmonitor.com/services/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/services/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /services/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:13:18 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 19089
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.95. http://www.markmonitor.com/services/TLD-advisory-services.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/services/TLD-advisory-services.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /services/TLD-advisory-services.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 21619
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.96. http://www.markmonitor.com/services/domain-advisory-services.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/services/domain-advisory-services.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /services/domain-advisory-services.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 22430
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="te
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.97. http://www.markmonitor.com/services/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/services/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /services/index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 19089
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.98. http://www.markmonitor.com/services/managed-services.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/services/managed-services.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /services/managed-services.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:39 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 22779
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.99. http://www.markmonitor.com/sitemap/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/sitemap/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /sitemap/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:13:18 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 22146
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.100. http://www.markmonitor.com/sitemap/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/sitemap/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /sitemap/index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:34 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 22146
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.101. http://www.markmonitor.com/solutions/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/solutions/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /solutions/ HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:13:18 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 25826
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.102. http://www.markmonitor.com/solutions/brand-protection-platform.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/solutions/brand-protection-platform.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /solutions/brand-protection-platform.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 25467
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.103. http://www.markmonitor.com/solutions/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/solutions/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /solutions/index.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 25826
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.104. http://www.markmonitor.com/solutions/industry-solutions-automotive-and-industrial.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/solutions/industry-solutions-automotive-and-industrial.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /solutions/industry-solutions-automotive-and-industrial.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 28886
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.105. http://www.markmonitor.com/solutions/industry-solutions-consumer-goods.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/solutions/industry-solutions-consumer-goods.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /solutions/industry-solutions-consumer-goods.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 29269
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.106. http://www.markmonitor.com/solutions/industry-solutions-entertainment.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/solutions/industry-solutions-entertainment.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /solutions/industry-solutions-entertainment.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 27110
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.107. http://www.markmonitor.com/solutions/industry-solutions-financial-sevices.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/solutions/industry-solutions-financial-sevices.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /solutions/industry-solutions-financial-sevices.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 27707
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.108. http://www.markmonitor.com/solutions/industry-solutions-hardware-and-software.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/solutions/industry-solutions-hardware-and-software.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /solutions/industry-solutions-hardware-and-software.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 29379
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.109. http://www.markmonitor.com/solutions/industry-solutions-online-services.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/solutions/industry-solutions-online-services.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /solutions/industry-solutions-online-services.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 27700
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.110. http://www.markmonitor.com/solutions/industry-solutions-pharmaceuticals.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/solutions/industry-solutions-pharmaceuticals.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /solutions/industry-solutions-pharmaceuticals.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 28033
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.111. http://www.markmonitor.com/solutions/industry-solutions-retail.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/solutions/industry-solutions-retail.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /solutions/industry-solutions-retail.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 28841
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.112. http://www.markmonitor.com/solutions/industry-solutions-travel-and-hospitality.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/solutions/industry-solutions-travel-and-hospitality.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /solutions/industry-solutions-travel-and-hospitality.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 28677
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.113. http://www.markmonitor.com/solutions/industry-solutions.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/solutions/industry-solutions.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /solutions/industry-solutions.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 24892
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

3.114. http://www.markmonitor.com/solutions/trusted-brand-broadcast-system.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/solutions/trusted-brand-broadcast-system.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /solutions/trusted-brand-broadcast-system.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:21 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 27520
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

4. Email addresses disclosed previous next
There are 17 instances of this issue:

/company/careers.php
/contact/
/contact/index.php
/jobpostings/b-Client_Services_Manager.php
/jobpostings/b-Domain_Operations_Coordinator.php
/jobpostings/b-brand_protection_analyst.php
/jobpostings/b-software_engineer.php
/jobpostings/emea-client_services_manager.php
/jobpostings/m-Administrative_Assistant.php
/jobpostings/m-Fraud_Analyst.php
/jobpostings/sf-Computer_Software_Engineer.php
/jobpostings/sf-Principal_Database_Engineer.php
/jobpostings/sf-Search-Engineer.php
/legal/privacy.php
/legal/tc-dm.php
/pressreleases/2010/pr101018.php
/subscription/thankyou.html

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

4.1. http://www.markmonitor.com/company/careers.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/company/careers.php

Issue detail

The following email address was disclosed in the response:

jobs@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:18:40 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 18864
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:jobs@markmonitor.com" target="_blank"> jobs@markmonitor.com</a>
...[SNIP]...

4.2. http://www.markmonitor.com/contact/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/contact/

Issue detail

The following email addresses were disclosed in the response:

admin@markmonitor.com
custserv@markmonitor.com
europe@markmonitor.com
markmonitor@ar-edelman.com
sales@markmonitor.com
tsmith@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:13:18 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 21978
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<br />

Email: sales@markmonitor.com<br />
...[SNIP]...
<a href="mailto:sales@markmonitor.com" target="_blank">sales@markmonitor.com<br />
...[SNIP]...
<a href="mailto:admin@markmonitor.com" target="_blank">admin@markmonitor.com</a>
...[SNIP]...
<a href="mailto:admin@markmonitor.com" target="_blank">admin@markmonitor.com</a>
...[SNIP]...
<a href="mailto:europe@markmonitor.com" target="_blank"> europe@markmonitor.com</a>
...[SNIP]...
<a href="mailto:custserv@markmonitor.com" target="_blank">custserv@markmonitor.com</a>
...[SNIP]...
<a href="mailto:tsmith@markmonitor.com" target="_blank">tsmith@markmonitor.com</a>
...[SNIP]...
<a href="mailto:markmonitor@ar-edelman.com" target="_blank"><br />markmonitor@ar-edelman.com</a>
...[SNIP]...

4.3. http://www.markmonitor.com/contact/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/contact/index.php

Issue detail

The following email addresses were disclosed in the response:

admin@markmonitor.com
custserv@markmonitor.com
europe@markmonitor.com
markmonitor@ar-edelman.com
sales@markmonitor.com
tsmith@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:19:17 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 21978
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<br />

Email: sales@markmonitor.com<br />
...[SNIP]...
<a href="mailto:sales@markmonitor.com" target="_blank">sales@markmonitor.com<br />
...[SNIP]...
<a href="mailto:admin@markmonitor.com" target="_blank">admin@markmonitor.com</a>
...[SNIP]...
<a href="mailto:admin@markmonitor.com" target="_blank">admin@markmonitor.com</a>
...[SNIP]...
<a href="mailto:europe@markmonitor.com" target="_blank"> europe@markmonitor.com</a>
...[SNIP]...
<a href="mailto:custserv@markmonitor.com" target="_blank">custserv@markmonitor.com</a>
...[SNIP]...
<a href="mailto:tsmith@markmonitor.com" target="_blank">tsmith@markmonitor.com</a>
...[SNIP]...
<a href="mailto:markmonitor@ar-edelman.com" target="_blank"><br />markmonitor@ar-edelman.com</a>
...[SNIP]...

4.4. http://www.markmonitor.com/jobpostings/b-Client_Services_Manager.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/b-Client_Services_Manager.php

Issue detail

The following email address was disclosed in the response:

jobs@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 16757
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:jobs@markmonitor.com" target="_blank">jobs@markmonitor.com</a>
...[SNIP]...

4.5. http://www.markmonitor.com/jobpostings/b-Domain_Operations_Coordinator.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/b-Domain_Operations_Coordinator.php

Issue detail

The following email address was disclosed in the response:

jobs@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 16641
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:jobs@markmonitor.com" target="_blank">jobs@markmonitor.com</a>
...[SNIP]...

4.6. http://www.markmonitor.com/jobpostings/b-brand_protection_analyst.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/b-brand_protection_analyst.php

Issue detail

The following email address was disclosed in the response:

jobs@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 16297
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:jobs@markmonitor.com" target="_blank">jobs@markmonitor.com</a>
...[SNIP]...

4.7. http://www.markmonitor.com/jobpostings/b-software_engineer.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/b-software_engineer.php

Issue detail

The following email address was disclosed in the response:

jobs@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 16641
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:jobs@markmonitor.com" target="_blank">jobs@markmonitor.com</a>
...[SNIP]...

4.8. http://www.markmonitor.com/jobpostings/emea-client_services_manager.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/emea-client_services_manager.php

Issue detail

The following email address was disclosed in the response:

jobs@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 16497
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:jobs@markmonitor.com" target="_blank">jobs@markmonitor.com</a>
...[SNIP]...

4.9. http://www.markmonitor.com/jobpostings/m-Administrative_Assistant.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/m-Administrative_Assistant.php

Issue detail

The following email address was disclosed in the response:

jobs@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 16747
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:jobs@markmonitor.com" target="_blank">jobs@markmonitor.com</a>
...[SNIP]...

4.10. http://www.markmonitor.com/jobpostings/m-Fraud_Analyst.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/m-Fraud_Analyst.php

Issue detail

The following email address was disclosed in the response:

jobs@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 15412
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:jobs@markmonitor.com" target="_blank">jobs@markmonitor.com</a>
...[SNIP]...

4.11. http://www.markmonitor.com/jobpostings/sf-Computer_Software_Engineer.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/sf-Computer_Software_Engineer.php

Issue detail

The following email address was disclosed in the response:

jobs@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 14940
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:jobs@markmonitor.com" target="_blank">jobs@markmonitor.com</a>
...[SNIP]...

4.12. http://www.markmonitor.com/jobpostings/sf-Principal_Database_Engineer.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/sf-Principal_Database_Engineer.php

Issue detail

The following email address was disclosed in the response:

jobs@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 15228
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:jobs@markmonitor.com" target="_blank">jobs@markmonitor.com</a>
...[SNIP]...

4.13. http://www.markmonitor.com/jobpostings/sf-Search-Engineer.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/jobpostings/sf-Search-Engineer.php

Issue detail

The following email address was disclosed in the response:

jobs@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:38 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 15470
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:jobs@markmonitor.com" target="_blank">jobs@markmonitor.com</a>
...[SNIP]...

4.14. http://www.markmonitor.com/legal/privacy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/legal/privacy.php

Issue detail

The following email address was disclosed in the response:

info@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:34 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 15555
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:info@markmonitor.com" target="_blank">info@markmonitor.com</a>
...[SNIP]...

4.15. http://www.markmonitor.com/legal/tc-dm.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/legal/tc-dm.php

Issue detail

The following email addresses were disclosed in the response:

admin@markmonitor.com
custserv@markmonitor.com
europe@markmonitor.com
sales@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:41 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 300533
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:custserv@markmonitor.com" target="_blank">custserv@markmonitor.com</a>
...[SNIP]...
<br />
Email: sales@markmonitor.com</p>
...[SNIP]...
<br />
Email: europe@markmonitor.com</p>
...[SNIP]...
<br />
Email: admin@markmonitor.com</p>
...[SNIP]...

4.16. http://www.markmonitor.com/pressreleases/2010/pr101018.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/pressreleases/2010/pr101018.php

Issue detail

The following email addresses were disclosed in the response:

monica.walsh@ar-edelman.com
te.smith@markmonitor.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:21:41 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 17593
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:te.smith@markmonitor.com">te.smith@markmonitor.com</a>
...[SNIP]...
<a href="mailto:monica.walsh@ar-edelman.com" target="_blank">monica.walsh@ar-edelman.com </a>
...[SNIP]...

4.17. http://www.markmonitor.com/subscription/thankyou.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/subscription/thankyou.html

Issue detail

The following email address was disclosed in the response:

noreply@MarkMonitor.com

Request

GET /subscription/thankyou.html HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/subscription/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:13:03 GMT
Server: NOYB
Last-Modified: Wed, 31 Dec 2008 23:59:30 GMT
ETag: "14bd-7fa71c80"
Accept-Ranges: bytes
Content-Length: 5309
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<strong>noreply@MarkMonitor.com</strong>
...[SNIP]...

5. Credit card numbers disclosed previous next
There are 2 instances of this issue:

/download/cs/cs_snap_on.pdf
/download/wp/wp-pay-per-click-scams.pdf

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

5.1. http://www.markmonitor.com/download/cs/cs_snap_on.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/download/cs/cs_snap_on.pdf

Issue detail

The following credit card numbers were disclosed in the response:

4630000000000000
5747220926064800

Request

GET /download/cs/cs_snap_on.pdf HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/products/brand-protection.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:15:11 GMT
Server: NOYB
Last-Modified: Mon, 21 Dec 2009 19:35:55 GMT
ETag: "426e8-32ab7cc0"
Accept-Ranges: bytes
Content-Length: 272104
Connection: close
Content-Type: application/pdf

%PDF-1.4%....
242 0 obj<</Linearized 1/L 248313/O 244/E 152465/N 4/T 243430/H [ 996 308]>>endobj xref242 350000000016 00000 n
0000001484 00000 n
0000001631 00000 n
0000002175 0
...[SNIP]...
685 593 537 741 704 222 500 648 537 833 704 741 630 0 667 630 556 685 0 907 0 611 0 241 0 241 0 0 0 519 574 519 574 519 259 556 537 185 185 500 185 833 537 556 574 574 315 481 296 537 463 741 481 463 463 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 278 278 370 370 0 500 1000 0 990 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 800 0 0 0 0 800]/BaseFont/ZYGMIY+HelveticaNeue-Light/FirstChar 32/ToUnicode 254 0 R/Encoding/WinAnsiEncoding/Type/Font>
...[SNIP]...
/Type1/FontDescriptor 25 0 R/LastChar 124/Widths[278 0 0 0 0 0 0 0 259 259 0 600 0 0 278 0 556 556 556 556 556 556 0 556 556 556 0 0 0 0 0 0 0 0 685 722 704 611 574 0 0 259 0 0 556 871 722 0 0 0 0 648 574 722 0 926 0 648 0 0 0 0 0 0 0 537 593 537 593 537 296 574 556 222 0 519 222 0 556 574 593 0 333 500 315 556 0 758 0 0 0 0 222]/BaseFont/YQWGUA+HelveticaNeue-Roman/FirstChar 32/ToUnicode 26 0 R/Encoding/WinAnsiEncoding/Ty
...[SNIP]...

5.2. http://www.markmonitor.com/download/wp/wp-pay-per-click-scams.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.markmonitor.com
Path:	/download/wp/wp-pay-per-click-scams.pdf

Issue detail

The following credit card number was disclosed in the response:

5740315481296537

Request

GET /download/wp/wp-pay-per-click-scams.pdf HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/resources/white-papers.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:15:06 GMT
Server: NOYB
Last-Modified: Wed, 23 Jun 2010 23:34:10 GMT
ETag: "b6c09-f984e080"
Accept-Ranges: bytes
Content-Length: 748553
Connection: close
Content-Type: application/pdf

%PDF-1.4%....
430 0 obj<</Linearized 1/L 748553/O 432/E 263594/N 9/T 739910/H [ 916 481]>>endobj xref430 310000000016 00000 n
0000001582 00000 n
0000001730 00000 n
0000002293 0
...[SNIP]...
0 0 0 0 0 0 0 0 278 0 0 0 0 556 0 0 0 0 0 0 278 0 0 0 0 537 0 0 0 0 0 0 0 0 704 222 0 0 0 852 0 741 630 0 648 0 556 0 0 0 0 0 0 0 0 0 0 0 0 519 574 519 574 519 259 556 537 185 185 463 185 833 537 556 574 0 315 481 296 537 0 741 0 463]/BaseFont/HSDQDD+HelveticaNeue-LightItalic/FirstChar 32/ToUnicode 448 0 R/Encoding/WinAnsiEncoding/Type/Font>
...[SNIP]...

6. Content type incorrectly stated previous
There are 10 instances of this issue:

/favicon.ico
/js/email-friend-blog.js
/rss/rss-events.php
/rss/rss-gTLDs.php
/rss/rss-news.php
/rss/rss-press-releases.php
/rss/rss-products-ap.php
/rss/rss-products-dm.php
/rss/rss-products-obp.php
/rss/rss-resources.php

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

6.1. http://www.markmonitor.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: www.markmonitor.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:10:18 GMT
Server: NOYB
Last-Modified: Thu, 16 Jul 2009 19:33:28 GMT
ETag: "37e-befb3200"
Accept-Ranges: bytes
Content-Length: 894
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ......................................................................................]$.Z .Z .Z .Z .Z .Z .Z .Z .Z .Z .]$..........T..M..M..M..M..M..M..M..M..M..M..M..M.
...[SNIP]...

6.2. http://www.markmonitor.com/js/email-friend-blog.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/js/email-friend-blog.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /js/email-friend-blog.js HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:16:20 GMT
Server: NOYB
Last-Modified: Mon, 17 May 2010 19:08:13 GMT
ETag: "804-f2478140"
Accept-Ranges: bytes
Content-Length: 2052
Connection: close
Content-Type: application/x-javascript

function ShowEmailToFriendBlogLink(){
...... ...... ...... ...... ...... ...... var linktext = "";

...... ...... ...... ...... ...... ...... var pagetitle = "";
...... ...... ...... ...... ...... ..
...[SNIP]...

6.3. http://www.markmonitor.com/rss/rss-events.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/rss/rss-events.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /rss/rss-events.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/rss/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:39 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 1453
Connection: close
Content-Type: text/html; charset=UTF-8

<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
<channel>
    <title>MarkMonitor Events</title>
    <link>http://www.markmonitor.com/events.php</link>
    <description>MarkMonitor Events De
...[SNIP]...

6.4. http://www.markmonitor.com/rss/rss-gTLDs.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/rss/rss-gTLDs.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /rss/rss-gTLDs.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/rss/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:39 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 5881
Connection: close
Content-Type: text/html; charset=UTF-8

<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
<channel>
    <title>dotBrand Resource Center</title>
    <link>http://www.markmonitor.com/topleveldomains/index.php</link>
    <description>
...[SNIP]...

6.5. http://www.markmonitor.com/rss/rss-news.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/rss/rss-news.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /rss/rss-news.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/rss/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:39 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 12550
Connection: close
Content-Type: text/html; charset=UTF-8

<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
<channel>
    <title>MarkMonitor News</title>
    <link>http://www.markmonitor.com/company/news.php</link>
    <description>MarkMonitor News
...[SNIP]...

6.6. http://www.markmonitor.com/rss/rss-press-releases.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/rss/rss-press-releases.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /rss/rss-press-releases.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/rss/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:39 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 7255
Connection: close
Content-Type: text/html; charset=UTF-8

<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
<channel>
    <title>MarkMonitor Press Releases</title>
    <link>http://www.markmonitor.com/company/press.php</link>
    <description>MarkMo
...[SNIP]...

6.7. http://www.markmonitor.com/rss/rss-products-ap.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/rss/rss-products-ap.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /rss/rss-products-ap.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/rss/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:39 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 2534
Connection: close
Content-Type: text/html; charset=UTF-8

<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
<channel>
    <title>MarkMonitor AntiFraud Solutions</title>
    <link>http://www.markmonitor.com/products/antiFraud_solutions.php</link>

...[SNIP]...

6.8. http://www.markmonitor.com/rss/rss-products-dm.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/rss/rss-products-dm.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /rss/rss-products-dm.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/rss/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:39 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 8585
Connection: close
Content-Type: text/html; charset=UTF-8

<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
<channel>
    <title>MarkMonitor Domain Management</title>
    <link>http://www.markmonitor.com/products/domain_management.php</link>
    <de
...[SNIP]...

6.9. http://www.markmonitor.com/rss/rss-products-obp.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/rss/rss-products-obp.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /rss/rss-products-obp.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/rss/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:39 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 7133
Connection: close
Content-Type: text/html; charset=UTF-8

<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
<channel>
    <title>MarkMonitor Online Brand Protection</title>
    <link>http://www.markmonitor.com/products/index.php</link>
    <descript
...[SNIP]...

6.10. http://www.markmonitor.com/rss/rss-resources.php previous

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.markmonitor.com
Path:	/rss/rss-resources.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /rss/rss-resources.php HTTP/1.1
Host: www.markmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.markmonitor.com/rss/index.php
Cookie: __utmz=150829098.1288807326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=150829098.1124917399.1288807326.1288807326.1289333444.2; __utmc=150829098; __utmb=150829098.2.10.1289333444;

Response

HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:12:39 GMT
Server: NOYB
X-Powered-By: PHP/5.3.3
Content-Length: 4208
Connection: close
Content-Type: text/html; charset=UTF-8

<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
<channel>
    <title>MarkMonitor Resources</title>
    <link>http://www.markmonitor.com/resources/index.php</link>
    <description>MarkMonit
...[SNIP]...

Report generated by Hoyt LLC Research at Tue Nov 09 18:41:43 CST 2010.